The Mudcat Café TM
Thread #73813   Message #1283376
Posted By: JohnInKansas
28-Sep-04 - 03:00 PM
Thread Name: Tech: Ctrl Alt Del - why doesn't it work?
Subject: RE: Tech: Ctrl Alt Del - why doesn't it work?
If possible, you need to go to the Norton (or any other good AV maker's) website and see if you can find details on the virus that you removed. While you are there, you should let the AV site do a remote scan to make sure that you don't still have a virus on the machine.

There are very few instances with XP in which it's necessary to run Norton in Safe Mode (or to use Safe Mode at all), so it must be assumed that you had one of the really nasty ones. A few recent ones attempt to disable or corrupt the AV files on the machines that they infect, and do occasionally succeed.

Even if, perhaps especially if, you don't remember the name of the virus, or can't find it, a remote scan via an AV website is recommended. Since you're using Norton, it would be well to let the Norton site scan your machine AND do a manual run of Norton Update. This will make sure that the virus was successfully removed, that it wasn't restored (see below), and that your AV hasn't been corrupted by it.

In normal operations, System Restore is a reliable function, and for normal operations it should be turned on. You should almost never need to manually request a System Restore, but XP may use it - without even telling you - to make minor patches when you reboot.

The difficulty, when there is a virus involved, is that System Restore may have recorded a "last safe configuration" in which the entries made by the virus have already been made in the registry. If this is the case, running System Restore will "reinstall" the virus.

The backup files that System Restore makes are specially sequestered, and even Norton - even in Safe Mode - is not supposed to be able to touch them. The only approved method for deleting old and possibly contaminated backups from System Restore is to simply TURN OFF System Restore. When you do this, all stored copies are deleted by System Restore itself, which is, by design, the ONLY utility that is ever supposed to be able to access them.

You should not turn off System Restore unless there is a known good reason for doing so, as when it is recommended by the instructions for removing a specific virus. If it is needed, you will find "how to turn off" instructions in the virus removal procedure that you should get from a reliable AV source. You should turn System Restore back on when you've solved your problem.

There is the possibility in this case that you do just have a sticky keyboard. If you have an old keyboard around, swapping it, rebooting, and seeing if Ctl-Alt-Del works would tell you. (You can use a very old junker, since only those three keys really have to work to try it out, as long as it "connects" on boot.)

Ctl-Alt-Del can sometimes take a seemingly long time to turn on Task Manager, if the CPU is "very busy." If the CPU is busy enough to prevent Task Manager from opening, then you probably have problems elsewhere. Corruption of files by your virus, reinstallation of the virus from System Backup, or a new virus are among the possibilities. You can use other management tools via Start - Ctl Panel to try to find out what's going on, but you're not likely to find out much this way without an experienced helper who can get to your machine. You might get a clue by opening System Monitor (Start - Programs - Accessories - System Tools) to see if the CPU is locked up at 100%.

WinXP (and Win2K) also allows you to reset the Ctl-Alt-Del combination to be required for logon. If this reset is done, deliberately or accidentally, the key combination will give you a logon screen. ONE of the options offered on a "window shade" list is to run Task Manager. This (rarely) might happen if a virus or spyware program has attempted to install itself on your machine as a separate user.




You should also be able to Right-Click on a blank spot on the Task Manager toolbar at the extreme lower right corner of your screen (if you haven't moved your toolbar), and select Task Manager from the list to open it. This will at least tell you if there's a problem in Task Manager.

John