c:\_RESTORE\ARCHIVE\FS82.CAB

[rgdewar]

I have this virus on my machine. It can't be removed, deleted, renamed or moved to a chest. Could you please help me? Thanks, R

[Vlk]

What virus name does it report (this is not a virus name, it's the name of the file containing the virus).

Are you sure it's the _RESTORE folder? Is it really called like this?

Can you actually see the file in the Windows Explorer?

Thanks
Vlk

[rgdewar]

Thanks, The virus is named " Win32:Litmus [Trj]" Appreciate any help you can give me. R

[Vlk]

Could you please try to answer the rest of my answers?

Thanks.
Vlk

[.: Mac :.]

scan here http://housecall.trendmicro.com
post the name of the virus it finds so I can look it up in the trend virus database and find removal instructions

[rgdewar]

Thanks, The virus is named " Win32:Litmus [Trj]" Appreciate any help you can give me. R  The file is named exactly as posted. I can't seem to find it when I open the folder. The "_" doesn't seem to exist.

[.: Mac :.]

ok heres what trend says

MANUAL REMOVAL INSTRUCTIONS

Click Start>Run, type Regedit then hit the Enter key.
In the left panel, double click the following:
HKEY_CURRENT_USER>Software>Microsoft
>Windows>CurrentVersion>Run
In the right panel, right-click and then delete this registry value:
LTM2 = %Windows%\Litmus\MSGSRV32.EXE
In the left panel, double click the following:
HKEY_USERS>.DEFAULT>Software>Microsoft
>Windows>CurrentVersion>Run
In the right panel, right-click and then delete this registry value:
LTM2 = %Windows%\Litmus\MSGSRV32.EXE
Reboot your computer.
Scan your system with Trend Micro antivirus and delete all files detected as BKDR_LITMUS.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.
http://housecall.trendmicro.com

[rgdewar]

Thanks. Mission accomplished. I appreciate your help. R

[.: Mac :.]

youre welcome