Archived from groups: alt.comp.hardware.pc-homebuilt
U-571@ship.com wrote:
> I have a virus, somewhere in my Win2000 PC, called mshtml3.exe. I
> can't find the file to remove it.
Windows Explorer. Search.
The few references I could find for that one placed it in either
\winnt\temp (or C:\WINDOWS\Temp\ depending on your install) or \Documents
and Settings\YOURUSERNAME\Local Settings\Temp\
But that's no guarantee. Try there first, and then search, regardless.
> My virus software, AVG, identifies
> the virus as a "trojanhorsedownloader.generic.EVK", but can't delete
> it.
It should have quarantined it in their "Virus Vault."
> I have found some very involved instructions for removing the
> virus.
For which virus?
Technically speaking, that one isn't a virus. Its purpose is to download a
trojan, assuming the name given is representative, but their 'searchable'
Virus Encyclopedia doesn't have their own name,
trojanhorsedownloader.generic.EVK, listed so I can't say for sure.
> Question:
>
> Can I just reformat the partition, or zero out the entire HD and
> eliminate the virus? That would be much easier than trying to save
> the currently installed OS.
Yes, formatting the drive will get rid of it but I wouldn't say it's
easier. It's easier to either empty their Virus Vault, where it should be
quarantined, or, if for some reason AVG didn't quarantine it, boot to safe
mode, search the hard drive for it, and delete the thing(s).
You can't delete a file that is in use, which is probably why AVG couldn't
delete it, but safe mode doesn't run anything so it should be dormant and
removable.
Then run a full virus scan in safe mode. I think AVG will allow a safe mode
scan but if not then run one first thing on a normal bootup.
From the skimpy information I could find that one doesn't look unusually
tenacious but if it 'comes back' on a reboot write down the reported file
names and repeat the safe mode delete process but add...
Run "regedit" (without the quotes), search for the file names you wrote
down and delete any entries with those names.
Then continue on like the first time through. I.E. Another virus scan.
If that doesn't do it then consider the format solution.
>
> Thanks for helpful suggestions.
>
> BG
>
>
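The registry search described in the reply can also be run against a regedit export, so that every entry naming a reported file is listed for review before anything is deleted. This is an added example, not part of the original post; it assumes an export in the "Windows Registry Editor Version 5.00" text format, and the sample export, including the ExampleUpdater value and the HKEY_CURRENT_USER\Software\Example key, is constructed.

```python
import re

# Constructed sample of a regedit export (not taken from the thread).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"mshtml"="C:\\WINNT\\Temp\\MSHTML3.EXE"

[HKEY_CURRENT_USER\Software\Example]
"Path"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,6d,00,73,00,68,00,\
  74,00,6d,00,6c,00,33,00,2e,00,65,00,78,00,65,00,00,00
"""

def decode_value(raw):
    """Turn one side of a .reg value line into readable text."""
    m = re.match(r'hex\((?:1|2|7)\):(.*)$', raw)
    if m:  # string types stored as UTF-16LE bytes: REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
        digits = re.sub(r'[^0-9a-fA-F]', '', m.group(1))
        digits = digits[:len(digits) // 4 * 4]  # whole 16-bit units only
        text = bytes.fromhex(digits).decode('utf-16-le', 'replace')
        return text.replace('\x00', ' ').strip()
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escapes
    return raw  # dword and plain hex data are left as written

def find_references(reg_text, filenames):
    """Return (key, value name, data) for every value that mentions a file name."""
    wanted = [f.lower() for f in filenames]
    joined = re.sub(r'\\\r?\n[ \t]*', '', reg_text)  # hex data wraps with a trailing "\"
    hits, key = [], None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key is None or not m:
            continue
        name = '(Default)' if m.group(1) == '@' else decode_value(m.group(1))
        data = decode_value(m.group(2))
        if any(w in name.lower() or w in data.lower() for w in wanted):
            hits.append((key, name, data))
    return hits

if __name__ == '__main__':
    # For a real export, read the file with open(path, encoding='utf-16').
    for key, name, data in find_references(SAMPLE_REG, ['mshtml3.exe']):
        print(f'{key}\n    {name} = {data}')
```

The match is case-insensitive and also decodes hex-encoded string values, which a plain text search of the export would miss.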