Hey guys,Recently I have been bogged down with spyware and it has started slowing down my resources.I have SpyBot, Adaware, Microsoft Anti Spyware and the rest but this one spyware/virus in particular cannot be removed. I have run numerous anti virus scans to be sure.It's in my running processes and called "dvdplay.exe". It uses about 30mb of memory and uses some CPU power. It only ever launches when I open Internet Explorer. I have tried rebooting in safe mode to delete it, but to no avail.Is my only option to reformat?Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Probably it's the mass-mailing worm W32.Duksten@mm, which always tries to infect the following files if they exist: * C:MircMirc32.exe * C:WindowsDefrag.exe * C:WindowsNotepad.exe * C:WindowsDvdplay.exe * C:WinampWinamp.exeSee: http://securityresponse.symantec.com/[email protected]and follow the instructions given to remove it.Jozef http://pluizig.ath.cx/signature.jpg

It's not a virus as I have done numerous anti virus scans.Does anyone have any suggestions?Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Firstly, go download spybot search and destroy,then download lavasoft ad aware.Update both of them using their automatic updaters, then run full scans on your system, with both of them. Reboot your computer if it says it's found something it can't delete without a reboot.After this, follow these directions please-start-run-regeditfinddvdplay.exedelete any entries that are found referring to that item.start-searchsearch all local hard drives for all files and foldersdvdplay.exepermanently delete any files that come up, including hidden or socalled 'system files'.start-run-msconfigclick the startup tab at the far top rightdisable any entries that mention dvdplay.exe in them

Many thanks I will get back to you soon.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

After successfully removing the dvdplay entry from registry and all the files found relating the file on my computer, it still seems to have produced itself again when I launched Internet Explorer.Anymore tips? This must be some kind of worm.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

When you say that you have done numerous virus scans has it been with different scanners or always the same one? If you have used more than one which ones have you used? I have noted on numerous occasions that Norton has missed various items allowing a computer to become infected and remain infected and only scanning with another scanner has picked up the offending virus. I am not picking on Norton because others will allow things through on occasion too. Philip Olsonhttp://www.precisionmanuals.com/images/forum/supporter.jpg

Alexander,You may wish to try this.Do a Google search for "Hijackthis.exe" space "+ download".Follow the instructions.This program will eleminate all superfluous, unnecessary andspyware links in your registry.Regards, JAH - Los Angeles.

I already have hijack this and in the report it identifies the malicious dvdplay.exe but it is not on the fix list to remove.Somehow it is not there to be ticked.I have used AVG, Norton, Housecall, Panda etc.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

>I already have hijack this and in the report it identifies>the malicious dvdplay.exe but it is not on the fix list to>remove.>>Somehow it is not there to be ticked.>>I have used AVG, Norton, Housecall, Panda etc.>>Regards,>Alexander Martin.>----------------------------------->TMPRADIO DJ>Onair Monday - Friday 1900GMT @>http://www.tmpradio.comThis is more likely a 'worm' then a virus and therefore, an antivirus program can't necessarily detect, never mind remove it.I suggest you d/l a copy of the MS antispyware program and use it. You can also try a Google search with dvdplay.exe in the search bar which will lead you to removal instructions.The methods you have employed thus far are merely taking you in circles; this 'bug' is replicating itself after your so-called cleaning and it's time to adopt a more aggresive approach.

It may be overkill - but formatting is a great way to clean things up. Only problem is if it infects your backups you'll just get it back again.

Have you tried Jozef K's advice?

I followed his instructions in safe mode but it didn't find anything malicious.I have Microsoft Antispyware anyway, which didn't find it.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Beware that some of these worms will modify the files used by various spyware "catcher" programs. Hijack this for instance uses a file which contains entries marked as "safe" by the user. Some of the spyware hacks this file, making it appear that no malicious entry is present. The only sure fire way to remove spyware is to find out which processes are spawned by spyware, boot into safe mode, and delete the process exe's and dll's and registry entries. That, and remove the Hijack exploits from IE which will redirect a user to an infected page as soon as they reopen IE, causing a new infection. It is also best to disable "Active Scripting" in IE until one is sure the spyware is gone.We have a rule of thumb on our WAN--if someone (an "unlocked" user) manages to infest their laptop or workstation and it takes more than fifteen minutes to research, we reimage their workstation and lock them down.-John

Nothing I've done has worked.Is my only option to reformat.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com