[ Home ]

the file is in the C:\windows\system32\ directory - you will need to have 'show hidden and system files' on in the folder properties, view file types or when searching for it nto be able to see it. There is also a registry key that runs the virus on startup and creates the dll in the above directory with a random name. This key must be deleted. Then delete the offending dll by setting it not read only. the key should be: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Diagnostic althought there are many variations on this virus so it may not be Microsoft Diagnostic but something else - basically if there is a strange key that you don't know what its doing under Run its probably the virus hope that is all clear as mud have fun

Clear as very thick mud. I tried searching with show hidden & system(assuming i was able to work out the german for "show hidden & system") but no joy. Don't understand what - "don't know what it's doing under run" means. Do I paste HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Diagnostic into Run or what. How do know what the fuck a "strange key" looks like when I don't even know what a "normal" key is? How do I locate and delete whatever is generating the random dll?

ok... go to start menu, select Run, type regedit this gives you access to the windows registry - the thing that makes windows slow... navigate to HKLocal Machine\Software\Microsoft\Windows\CurrentVersion\Run\ there you should find the virus launcher - Microsoft Diagnostic - delete it there will be other normal keys for programs that you expect to run when windows start - like anti virus, messenger, etc - this is what this section of the registry does be careful though as editing the registry can fuck your machine have fun