The key will probably start with an asterisk. 6. Attempting to remove these entries causes the process to recreate the key.CauseThis issue is caused by an installed and unidentified virus or spyware application.ResolutionTo work around this issue, create an account I noticed in the startup a exe call libnet.exe was running and using alot of RAM.

Entries in the Run and RunOnce keys at HKLM\Software\Microsoft\Windows\CurrentVersion exisisted for those two executables preceeded by an asterisk. For the next two boots the RUN key in the registry for this program will re-populate itself so open the registry and delete the key, restart and do this again. At 4:15 UserB walked in and logged in. Hopefully someone at Citrix is watching this and can offer some help - I'm faced with wiping the machine to get it back in operation.HELP

I have now removed that entryI fould the DRVCMD.EXE.***** in the Windows/Prefetch directory and the other files hidden in the /Windows/Config and /Windows/System32Looks like the drvcmd.exe had a time of 5:40am Where would you recommend I go from here? Virtumundo, or a variant, to be specific.

I beleive that it is related to certain services that may have been "tweaked" to the manual or disabled setting on the machine suffering the problem. Short of wiping out of the hard drive, I'm at a loss. Are you getting any error messages? But these were the first we have seen.

Thanks for your help. I am having the same problem.Can someone explain Like the others listed in this thread, I was receiving the Error 1000 (no error text available) error on a Windows 2000 Pro SP-4 machine. The silly things will keep installing themsleves, so be ready to do battle. The FOR line might wrap on the forums.

The following is a report of our findings for each file you have submitted: filename: oleps.ex_ machine: Machine result: See the developer notes Developer notes: oleps.ex_ is an adware Some or Run regedit, search for the filename you found in step 2 and clean out the Run, RunOnce, RunServices.

Next do a file search using just the name (Example: cmdmfc). Several functions may not work. If you attempt to kill the running process it restarts itself.A work around to this is to give the user restricted access to the machine, this will keep the user from After reading the Knowledge Center information I thought it would be useful to others to have this information.http://www.neuber.com/taskmanager/download.htmlThe offending processes were:1.

They all us IE for the browser, so... I found the process in the HKLM reg, deleted it, was able to use Citrix for about 10 minutes before another process began that could NOT be deleted. Booted to safe mode with command prompt, removed the entries for regdb.exe and rasutil.exe, rebooted and citrix launched fine.

Please let us know the version of Norton 360 you use, you can find it from Support > About. It was over written. I was then able to remove the run once key entry without it being recreated.

So the one you kill based on task manager leaves behind a friend.

So I cant be 100% sure, or maybe its just the latest rev.2) Besides the main target, this program also leaves a backup copy with a new name.

Certain processes may restart when attempting to terminate them. In my case, i (thinking i was being so saavy) disabled the Background Intelligent Transfer Service (BITS). It looks like Malware from what I've found.

If it runs perfectly you just get a bunch of file not found [email protected] OFFCD /D %TEMP%cd..cd..cd..cd %1cd "Local Settings"cd TempCDattrib *.dat -S -H -Rdel *.datdir *.dat /b----------------EOF---------------------- Mounting it into anther machine allowed me to access the files without them being loaded and in use. A process is running that keeps recreating itself. I thought I had it fixed and today it started giving me the same trouble.Today I find that if I clear my history, delete cookies and temporary internet files using the

There will be several files associated with the exe file: a .DAT file and two or more .BAK files. It looks that it happends only by connecting on one of the citrix-servers.What is the reason. If the don't click on yes within the next 5 seconds they get the following error message:Cannot open the Citrix ICA Client [Error 1000:(no error text available)]It happends not every time. In addition, if a process successfully terminates, investigate the software associated with said process.

It is almost as if the spy-ware specifically targeted Citrix. Also, I've submitted the little heathens to Symantec for a definition update...I'm still wiating for an answer on that front. Try Free For 30 Days

If so, can you please explain to me how you resolved it.thanks I havent fixed any machines yet, but in my efforts to debuig a 2000 machine earlier, I ran across a file named dosutil.exe and it would not terminate in normal mode. Do a search in the registry for the name of the exe but do not include the .exe in the search just the name. (Example: cmdmfc)Delete all instances of this from

Reboot the machine7. From there I was able to delete the files causing the problem. When try to reinstall, it says "/system/currentcontrolset/control/virtualdevicedriver VDD " is invalid.