PWS.Hooker.Trojan in CAB file

I have installed Norton Anti Virus and it detected a virus (pws.hooker.trojan) in a CAB file in what looks like an archive I have made.

It says it can't quarantine, repair or remove this file -
The exact message I get is :

Source: A0065004.CPY
Description: The compressed file A0065004.CPY within G:\_RESTORE\ARCHIVE\FS3.CAB is infected with the PWS.Hooker.Trojan virus.


Any suggestions - I can't find the CAB file - it must be in some system directory that I can't access.

THANKS

Hi, That file would be in your System Restore Volume...and you're correct, no program can modify things there. The trick is to flush the infected Restore Points off the computer, you do this following these steps:

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Follow steps for ME or XP (your operating system)

Then, here is the short step by step to turn it off, back on, and create a new Restore Point:

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK. Wait for the hourglass to stop and it says "Turned Off".

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

BUT> Are you certain you are malware free now?

If we take a look at a Hijackthis log> though it is not a 100% guarantee that you do not have something, it's a good tool that does show a lot of them.

There are directions here to do it: There are .zip form and .exe form, take your pick.

Download it here:

http://radiosplace.com/

Or here.

It's a direct download so be ready with the folder for it.

Basically, you create a new folder, the desktop is OK provided you make a folder, name it something like HJT, and download TO that folder, run hijackthis.exe from there. If there are users of the computer who might start HJT and use it, hide the program in a folder elsewhere!

When it is done scanning> the Save log button will become available, save the log as hijackthis.txt which will open with Notepad. Go back to TSG, open your post, and copy and paste the entire logfile into a reply in your thread (here) and wait for advice.

Please do NOT use HJT yourself to remove anything, most of what it shows is good and needed by the system.

Hi, Run Hijackthis again, put a check next to these items, and click "Fix Checked":

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

In Windows Explorer, delete the file:

C:\WINDOWS\ALCXMNTR.EXE <file to delete

Restart. You should be all set.
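
The entries quoted in the post above follow the HijackThis log line layout (section code, then details), so a saved hijackthis.txt can be parsed to list Browser Helper Objects whose file is missing and the autorun values it records. This Python example is added here and is not part of the original thread or of HijackThis; the function names are hypothetical and the sample input is the three lines quoted in the post.

```python
import re

# Sample input: the three HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <file>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)
# O4 lines: "O4 - <hive>\..\<key>: [<value name>] <command>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]+)\] (?P<command>.+)$"
)


def parse_hjt(log_text):
    """Turn HijackThis log text into a list of dicts, one per non-empty line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            # "(no file)" means the registry entry points at a DLL that is gone.
            entries.append({"kind": "bho", **m.groupdict(),
                            "orphaned": m["file"] == "(no file)"})
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "autorun", **m.groupdict(), "orphaned": False})
            continue
        # Other sections are kept verbatim so nothing is silently dropped.
        entries.append({"kind": "unparsed", "raw": line, "orphaned": False})
    return entries


def orphaned_bhos(entries):
    """CLSIDs of BHO entries whose backing file no longer exists."""
    return [e["clsid"] for e in entries if e["kind"] == "bho" and e["orphaned"]]


if __name__ == "__main__":
    for entry in parse_hjt(SAMPLE_LOG):
        print(entry)
```

The output is a review aid only: it reports what the log says and leaves the decision about what to fix to the helper reading the thread.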