Soooo apparently I have a virus on my computer for the first time in my life... I know a fair amount about these things and NCSU's antivirus found the file that's causing problems, it's

TSPY_NILAGE.BH from ...\system32\msryxwpjobh.dll

I can't delete the file because it says access is denied, so I try to boot in safe mode, but for some reason I get no boot menu?! I don't know... I've never booted this laptop (new-ish) in safe mode before, I'm running XP Pro and pressing F8 all over the place during start-up, but nothing happens except a normal boot. I'm working on a project and I really need to get rid of this, so any help at all would be greatly GREATLY appreciated.

Thomas

2/6/2009 1:46:23 AM

Okay, I am booted in Safe Mode now, but I still get an access denied prompt when I try to delete this file... HELP!!?!

2/6/2009 2:02:16 AM

how about googling what the virus is, and finding the manual removal tool/instructions?

2/6/2009 2:50:58 AM

I went to Trend Micro's page about the virus and it basically says it just needs to be deleted, but obviously I am unable to do that... I'd rather not have to boot from a disc and delete my system32 folder...

http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_NILAGE.BH&VSect=Sn

Any suggestions? Or was there something that you saw on Google that I missed?

2/6/2009 3:11:55 AM

there are plenty of other ways to boot from a disc and delete a file from your hard drive. try using the recovery mode on your Windows boot CD, or burning a Linux boot disk that will mount your hard drive (Knoppix comes to mind).

2/6/2009 7:22:07 AM

are you trying to manually delete it or trying to delete it using your anti-virus?

2/6/2009 8:04:04 AM

I tried doing a system restore and that didn't work either. The machine is at the College of Design IT lab and this thing is currently stumping the guy who is IMO the best there. Where Trend Micro wouldn't actually remove the .dll file and I couldn't delete it even in safe mode, I used Ad-Aware and it did remove the file, but now EVERY SINGLE program I try to open (other than IE) says it can't open because it's missing a critical file and points back to the same .dll file that Ad-Aware deleted. I guess the next step is to restore from a disk... Anyone have any other suggestions?

2/6/2009 9:20:34 AM

If it's Windows, just use the CD to do a repair.

2/9/2009 5:26:58 PM

^^

if its in a lab STOP!

put in a case with university IT(OIT). Design I think has an in-house IT, it will get sent to them. let them fix it. If its on your personal acct with the university, call IT again, they can fix it remotely (very rare as all accounts on servers are scanned).

If OIT finds out you were messing with this, and you are technically responsible, they will deny support on that machine and make you fix it, which sucks for you as it sounds like right now.

2/12/2009 10:27:06 PM

Quote :

"stumping the guy who is IMO the best there."

then he's a fucking idiot

and both of you are fucking idiots for even bothering to try. do what ^ said and be done with it.

2/12/2009 10:33:18 PM