The Mudcat Café TM
Thread #68943   Message #1169285
Posted By: JohnInKansas
23-Apr-04 - 03:50 PM
Thread Name: Tech: virus: Downloader.Dluca.E ????
Subject: RE: Tech: virus: Downloader.Dluca.E ????
I do not get a warm feeling from the testimonials that Spybot has "cured" Downloader DLuca.e virus infection.

Spybot is an excellent program, and I do use it. It is NOT an AntiVirus program. It removes adware and spyware, but is not intended to deal with virus infections. Downloader DLuca.e is a virus, and should be dealt with as such.

Since the "payload" in this virus is spyware, it is possible that it is disabled by Spybot, by removing the "reporting" program; but I am reluctant to believe that Spybot has removed the "viral" components without some confirmation that it is equipped to do so.

If you are using any version of Windows later than Win98, System Restore makes backups of the registry. If a backup was made while the virus was present on your machine, then you can be reinfected if the system decides to restore to that copy. NO PROGRAM can make changes to the "stored copies" held in system restore, which is why the procedure for removing this (and most) virus infections includes "dumping" the stored copies. Spybot CANNOT do this. Norton CANNOT do this. YOU must do it by turning off System Restore, and leaving it off until the virus is confirmed to have been cleared.

If your viral signatures were updated anytime after about October 2003, your Norton should have had a signature for at least one or more of the Downloader DLuca variants, and would be able to quarantine or delete any individual file that contains the signature for the virus. This will normally prevent the virus from "executing" to install its other components on your machine, and would normally cause Norton to stop reporting this virus unless you are reinfected. The "payload" that this virus installs is, however, "just another program" once it's in place, and Norton won't remove it automatically, since the "program" is not a virus. That's why there's a procedure for removal, to allow you to get "the rest of it."

Since the "payload" here is spyware, it is likely that Spybot would remove the spyware, but it would quite likely be reinstalled unless the Norton removal worked first and removed the viral component. If Spybot is able to remove the viral part of this, then it is doing something not described in its specification.

Note that any time you change the configuration of your machine, including addition or deletion of any program, System Restore will compare the registry at boot to the "last good" copy, and may replace any "keys" that were in a "last known good" version that it doesn't find in your new version. There are some "rules" that System Restore follows for this, but it's hard to make any general predictions about when or whether it will happen. This could be why you were getting repeated Norton hits on the virus - because you were putting it back from System Restore every time you turned the machine on.

It is possible that, because of the spyware payload, Spybot has been equipped to remove the whole thing, but it is NOT its normal purpose to deal with virus infections.

Norton did detect the virus for you, and had you used the removal procedure recommended by Norton, the entire thing would have been removed.

You may have successfully cleaned your machine by using both, in sequence. You should still clear your System Restore cache, for any Windows later than Win98, if you want to be confident that you won't be reinfected from that source. Just turn off System Restore, reboot, and then turn System Restore back on. [In Windows Explorer, right click on "My Computer," select "Properties" and then click on the "System Restore" tab, uncheck or check the "Turn Off System Restore On All Drives" box.]

You could use the Norton procedure to look for the files the virus would have installed, and to look at the registry keys where it would have made entries, if you want to be sure you're clean.

If you are comfortable with believing that you have successfully removed this thing, then by all means "drive on." I would make a few other checks, if it were my machine.

John
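The "turn System Restore off, reboot, turn it back on" step from the post above, scripted for a modern Windows machine as an added example that is not part of the original thread. It assumes an elevated PowerShell session, the built-in Disable-/Enable-ComputerRestore and Checkpoint-Computer cmdlets, and that turning protection off for a drive discards that drive's saved restore points (which is what makes the off/on cycle flush the cache); it pauses for the operator instead of rebooting.

```powershell
# Added example, not from the original post: flush System Restore's saved
# copies on every fixed drive by turning protection off and back on, which is
# what the post's GUI procedure does. Needs an elevated PowerShell on Windows
# (the *-ComputerRestore cmdlets are Windows-only).
# Assumption: disabling protection on a drive discards its existing restore
# points, so the "on again" step starts from a clean, post-cleanup baseline.
#Requires -RunAsAdministrator

function Get-FixedDriveRoots {
    # DriveType 3 = local fixed disk; the restore cmdlets want "C:\" style roots
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
        ForEach-Object { $_.DeviceID + '\' }
}

function Show-RestorePoints([string]$Label) {
    # Get-ComputerRestorePoint fails when protection is off; treat that as "none"
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    Write-Host ("{0}: {1} restore point(s)" -f $Label, $points.Count)
    foreach ($p in $points) {
        # CreationTime is a DMTF datetime string; convert it for readability
        $when = [Management.ManagementDateTimeConverter]::ToDateTime($p.CreationTime)
        Write-Host ("  #{0,-4} {1:u}  {2}" -f $p.SequenceNumber, $when, $p.Description)
    }
}

function Reset-SystemRestoreCache {
    $drives = @(Get-FixedDriveRoots)
    Show-RestorePoints -Label 'Before'

    # Step 1 of the post: turn System Restore off on all drives
    Disable-ComputerRestore -Drive $drives
    Write-Host ("Protection disabled on: {0}" -f ($drives -join ', '))

    # Step 2: the post has you scan, confirm the infection is gone and reboot
    # before re-enabling; this script only pauses, it never reboots for you
    Read-Host 'Scan/clean, reboot if needed, then press Enter to re-enable'

    # Step 3: turn it back on and take a fresh restore point of the clean state
    # (Windows may only warn, not fail, if a point was taken in the last 24 h)
    Enable-ComputerRestore -Drive $drives
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'
    Show-RestorePoints -Label 'After'
}

Reset-SystemRestoreCache
```

The "Before" listing is worth reading before you press Enter: any restore point dated from the infection window is exactly the copy the post warns could put the virus back.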