I was surfing the net when my Windows explorer popped up and something was installing or did install on my hd. My Norton firewall popped up asking whether or not to allow "readme.exe" in my C drive root directory to access the internet. I clicked no. I then deleted the "readme.exe" file from my hd. When I started up my browser (Internet Explorer 5.5) I was directed to this page on my hd:
res://C:\WINDOWS\system32\shdocsv.dll/API32.htm#ID=347;065D
It basically lists my personal information (IP, country of origin, OS, etc.) and says my activities are being monitored and advises me to click on a link to download privacy protection software; the link is "javascript:redirector.dll" which, when I tried to right-click to copy to post here, showed up as "evidence-eliminator.com." I am running an older PC right now which, for some reason, will not let me use HijackThis (it says I am missing MSVBM60.DLL), but msinfo32 does not show any unusual processes running since I stopped "readme.exe" and deleted it, and my firewall does not show any odd connections. Does anyone know if this could be some type of virus or keylogger that is now in my system? Is there any way to find out?
Thanks

Visual Basic 6.0 Run-time Files
Computers in the future may have only 1,000 vacuum tubes and perhaps only weigh 1 1/2 tons.
- Popular Mechanics, 1949

This sounds more like a scam than a virus. You will notice that the address where the information is located is on your hard drive. The aim is to goad you into buying a sham program which won't really do much.
I'm not sure that shdocsv.dll is a valid file. I'm not using win98 at the moment, perhaps someone else can check.
A similar problem was solved on another forum by deleting
C:\WINDOWS\SYSTEM32\SVCNT.exe while in safe mode.
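
One way to check a res:// start page like the one in the question against known module names, as an added example that is not part of the original thread. The allowlist and function names are assumptions made for illustration; shdocvw.dll is the genuine Internet Explorer component whose name shdocsv.dll resembles.

```python
import difflib
import re

# Assumption: a short allowlist of genuine module names that serve res:// pages.
# Build the real list from a clean install of the same Windows/IE version.
KNOWN_MODULES = ["shdocvw.dll", "shell32.dll", "mshtml.dll", "browselc.dll"]

# res://<module path>/<resource name>#<fragment>
RES_URL = re.compile(
    r"^res://(?P<module>[^#?]+?\.(?:dll|exe))/(?P<resource>[^#?]*)(?:#(?P<fragment>.*))?$",
    re.IGNORECASE,
)

def parse_res_url(url):
    """Split a res:// URL into module path, module name, resource and fragment."""
    m = RES_URL.match(url.strip())
    if m is None:
        return None
    module = m.group("module").replace("/", "\\")
    return {
        "module_path": module,
        "module_name": module.rsplit("\\", 1)[-1].lower(),
        "resource": m.group("resource"),
        "fragment": m.group("fragment"),
    }

def classify_start_page(url, known=KNOWN_MODULES, cutoff=0.8):
    """Return (verdict, detail) for a browser start page value."""
    parsed = parse_res_url(url)
    if parsed is None:
        return ("not-res", None)          # ordinary http/file URL, out of scope here
    name = parsed["module_name"]
    if name in known:
        return ("known", name)            # page is served by an expected module
    close = difflib.get_close_matches(name, known, n=1, cutoff=cutoff)
    if close:
        return ("lookalike", close[0])    # name imitates a genuine module: investigate
    return ("unknown", name)              # local module that is not on the allowlist

if __name__ == "__main__":
    samples = [
        r"res://C:\WINDOWS\system32\shdocsv.dll/API32.htm#ID=347;065D",  # from the post
        "res://shdocvw.dll/navcancl.htm",                                 # constructed sample
    ]
    for s in samples:
        print(s, "->", classify_start_page(s))
```

A "lookalike" or "unknown" verdict only says the start page is served from a local file that deserves a scan; it does not identify the file as malicious by itself.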

Doesn't appear to be part of 98SE/IE5.5 anyhow. Results from Google are decidedly shady, and may even involve (the vile) Smitfraud.
Computers in the future may have only 1,000 vacuum tubes and perhaps only weigh 1 1/2 tons.
- Popular Mechanics, 1949

Thanks. I should have waited to post the above message. I found a rule in my Norton firewall that wasn't there before for "loadnew.exe." I did an online virus scan with Panda and it found in my c:\windows\system dktibs.exe (a dialer.bb), paydial.exe (a dialer.xc), systime.exe (adware). All of these have 0kbs. Does this mean they are just empty files?
Panda virus scan also found in my C:\WINDOWS\SYSTEM32\ svcnt.exe (spyware/Smitfraud), shdocsv.dll (Adware/E-eliminator) and it also found C:\WINDOWS\TEMP\pavE321.TMP (Adware:Adware/E-eliminator). The loadnew.exe was a virus which Panda disinfected. The svcnt file was actually set to load as a start-up program in msconfig, which I unchecked. As stated above, I can try deleting svcnt in safe mode, but with the other files, would Ad-Aware and Spybot Search & Destroy work or do I have to manually get rid of them?

I think that they should be able to get rid of at least most of them. Check them off the list after each scan.
Make sure that you have the latest definitions. Also, run the scans again in safe mode to be sure.
Should you have problems finding them and updating, decisive use of Task Manager might help. The only program that you need running is explorer.exe. You might also leave your AV running and of course taskman is the task manager program.

I don't think loadnew.exe is a real virus. But if you want to get rid of all of its "friends" look here:
http://www.computerhilfen.de/hilfen-17-36803-0.html
BrunoB
Denmark
