10-16-2005, 12:51 PM
Willie_Williams
CurrentVersion/Run contents question

I'm trying to disinfect my daughter's XP Dell Inspiron Notebook, which is so under attack that she can't do anything. Two of these attackers are the "Casino" virus (which Symantec labels Adware.Jraun) and the "Adware.Websearch" virus. I discovered the Adware.Websearch likelihood because among the ~45 processes running after booting are:

- WSG.exe
- radio.exe
- PIB.exe
- TBPS.exe
- VPC32.exe

I Googled WSG.exe and the Symantec site says this process is part of the Adware.WebSearch virus.

I ran a Symantec scan (in Safe mode) and it found nothing. (?!?!)

I can't find the "Golden Palace Casino PT" program in Add/Remove Programs (Symantec says to remove it from there), so it must be doing something under the covers.

Anyway, in the Symantec "manual" instructions for removing the Casino virus, it says to go into regedit to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and remove version.exe and keyhost.exe and HKEY_LOCAL_MACHINE\SOFTWARE\Redirectkey.

But none of these were there.

HOWEVER, there were all sorts of suspicious keys, like:

- adcomplusanalytic.exe
- exp.exe
- mmxp2passion.exe
- playandwin.exe
- Setup2-71.exe.exe

Can I remove these without worrying?

She's got dozens (maybe 45) executables being kicked off in this "Run" registry folder. This is excessive, isn't it?

I understand that if you can run hijackthis, you can get a list of running processes to show experts. But that computer is so overwhelmed that I can't get to IE, Mozilla, or Windows Explorer to download/transfer the hijackthis program.

Do you think restoring an earlier version of the system (via System Restore in Safe mode) might improve the situation?

Or would that probably not affect these viruses?

Thanks for any advice you can give,

- Willie Williams