I seem to have picked up a spy program that McAfee cannot remove. When I do a virus scan it picks the problem up but it cannot remove it. McAfee says it disables the problem but it cannot remove it and everytime i run a scan it picks it up again as active. Here is what it says the problem is

 

 

HKLM\system\currentcontrolset\enum\root\legacy_zesoft

 

Is this a problem I need to take further steps to remove?

I would try to google and follow the first link: http://forums.majorgeeks.com/showthread.php?t=179091

EDIT: Admittedly, it doesn't answer IF it is a problem; only how someone got rid of it. Point is: if you're not finding the answer to such a basic (and non-scientific) question within an hour on google, then no one here will be able to help you, either.

Edited September 1, 201015 yr by timo

Does it say that the name of this program is CoolWebSearch? Googling indicates that's associated with the registry key you listed there.

 

If you're running Windows XP and this is indeed CoolWebSearch (according to McAffee), look here for other known symptoms and a download that will nuke it off your computer:

 

http://free.antivirus.com/cwshredder/

 

(Trend Micro is a well-known antivirus vendor)

Does it say that the name of this program is CoolWebSearch? Googling indicates that's associated with the registry key you listed there.

 

If you're running Windows XP and this is indeed CoolWebSearch (according to McAffee), look here for other known symptoms and a download that will nuke it off your computer:

 

http://free.antivirus.com/cwshredder/

 

(Trend Micro is a well-known antivirus vendor)

 

 

Ok, i did the CWShredder and it said I had no problem, McAfee said it was CoolWebSearch and that it could only disable it, possibly it removed it as well. Next time it pops up I'll do the CWShredder again instead of letting McAfee disable it, thanks Cap'n

You could try restoring your computer to an earlier time and scan to see if the malware program disappears.

If all else fails you could do a system restore to return your computer to its state when bought but of course you lose all your programs and data - save what you can first!

I have an external hard disc which I use to store a mirror image of my C drive every now and then - so far I haven't had to use it. But in your position I would try that.

The trouble with external disks and an exact copy of your disk is if the virus gets copied onto the external disk, you're screwed.

 

Windows Vista and 7 come with Windows Backup, which handles backing up everything important and keeping versions of files, so if they're corrupted by a virus you can restore them to an earlier version. (I think it can do that. I've not had to restore anything with it yet.) Hard drives tend to fail inconveniently, so get an external disk and run Windows Backup if you can.

Agreed Cap'n - I meant a disc image captured from a time before the virus was imported. I keep images monthly and have several on the hard disc.