The Mudcat Café TM
Thread #71623   Message #1226511
Posted By: JohnInKansas
15-Jul-04 - 07:06 PM
Thread Name: Tech: ISP Says I have a virus
Subject: RE: Tech: ISP Says I have a virus
If your ISP says that your machine has been mailing SPAM, you may have more than a virus.

A virus is that little malicious program that gets onto your machine without your permission. Every virus has a "payload" of some sort. In the old days (a few months ago) you could assume that deleting the virus would clean things up. THAT IS NO LONGER TRUE.

The "payload" carried by a number of recent "infecting agents" has been "downloader scripts" that connect you to a malicious website, where other programs may be downloaded to your machine. Since the "downloader" has to trick your machine (and your AV) into thinking you've given permission for the download, your AV does not generally recognize these downloaded routines as a virus - and in fact they are not, according to normal definitions.

The majority of the most noted recent "downloaders" have attempted to put spyware, frequently keystroke loggers, on the machines they attack. A few have been used to create "open server" connections that a "spammer" can use to relay junk, making it appear that it originated from your machine.

Once the original download script has executed and put the program on your machine, removing the virus will NOT NECESSARILY remove the malicious program(s). Most of the recently observed ones can be found by antispyware programs like Spybot and/or AdAware, although a few have been found that are not detected by any commonly available "general purpose" antispyware program.

Your ISP informed you that you have a virus, because that's what gets people's attention. In all probability, the only information your ISP has is that SPAM email has been coming from your machine. Your ISP has no way of knowing which of several "programs" is controlling your machine, or of knowing which of several viruses were used to get the program on your machine. While it is remotely possible that someone has just faked your address, with currently extant malware it is quite likely that your machine has been taken over and is being actually used as a relay server to send the spam.

The first, and MANDATORY step in getting things cleaned up is to TURN OFF SYSTEM RESTORE if you are using a Windows version that has it. I frankly don't know whether that's a feature of WinME that I believe Sorcha was using last October, and I don't know what system is on his. If you leave System Restore turned on, the next time you reboot it may restore any Registry entries that have "disappeared," which may reinstall the virus and any other malware you've attempted to remove. Turning off System Restore will DELETE all old copies of your Registry that may contain infections or that may call infected or malicious programs.

The second step is to go to any major AV website and get a good scan for viruses, and make sure that they get removed. Infected files that can't be deleted because they're "in use" can often be terminated using Task Manager in recent Win versions, after which the files can be deleted; but it may be difficult to tell which "process" is using a given file. In any Win version, you should be able to use a Safe Mode boot to delete the files.

After you have cleared VIRUS infected files, you should check for Spyware programs, using AdAware AND Spybot, and/or any of the other good programs.

IF THERE ARE STILL problems, the only good recourse is to use Task Manager to see what processes are running, and work through them to eliminate any that shouldn't be there. This will probably require EXPERT assistance that you will not find at mudcat.

There have been no significant numbers of reports of such infections for people who keep their Windows updates current, who keep their AV signatures current, and who ALWAYS run a good AV - but you might always be the exception, since there are new kinds of malware daily.

John
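The cleanup steps above (disable System Restore, then review what is running and whether the machine is talking to mail servers) can be scripted on a current Windows box. This is an added example, not from the original post; it assumes an elevated Windows PowerShell 5.1 session, since the System Restore cmdlets are not in PowerShell 7.

```powershell
# Added example (not part of the original post): a triage pass following the
# post's steps, written for an elevated Windows PowerShell 5.1 session.

# Step 1: turn off System Restore on the system drive so an infected restore
# point cannot bring back removed files or Registry entries on the next reboot.
Write-Host "Restore points before disabling:"
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
Disable-ComputerRestore -Drive "$env:SystemDrive\"

# Later step: list running processes with image path and Authenticode status.
# Unsigned binaries, or anything running from a user-writable location, are the
# ones to look at first; a process whose path cannot be read is reported, not skipped.
$report = foreach ($p in Get-Process) {
    $path = $p.Path
    $status = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
    [pscustomobject]@{
        Id        = $p.Id
        Name      = $p.ProcessName
        Path      = if ($path) { $path } else { '<no access>' }
        Signature = $status
        UserArea  = ($path -like "$env:USERPROFILE*") -or ($path -like "$env:TEMP*")
    }
}
$report | Where-Object { $_.Signature -ne 'Valid' -or $_.UserArea } |
    Sort-Object Signature, Path | Format-Table -AutoSize

# Relay check: established connections to remote port 25 owned by anything other
# than the mail client you actually use are the sign that the box is sending
# mail on its own, which is what the ISP's spam complaint describes.
Get-NetTCPConnection -RemotePort 25 -State Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $owner = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            Process = $owner.ProcessName
            Pid     = $_.OwningProcess
        }
    } | Format-Table -AutoSize
```

Run it from Safe Mode with Networking if a process cannot be ended normally; the first table is the list to work through before re-enabling System Restore.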