Thursday, 28 January 2010

Windows XP Firewall Virus

My old Toshiba laptop got a virus that kept turning off the firewall - and probably some other stuff I wasn't aware of.
I ran Clamwin and found a file it couldn't access due to 'permission denied'.
The file was a .DLL called nvrmn.dll which was loaded by WINLOGON.EXE and would not let me delete it or rename it.
I googled it and found it reported as a virus.

So: how do you get rid of a dll that won't let itself be deleted?
This is what I did and, touch wood, all's been well.
  1. Go to the Start menu, select Run and run REGEDIT (we're going to edit the Registry 1st)
  2. Find the dll - I typed Control-F, then the name 'nvrmn'
  3. Change the entry to 'nvrmnSUS' (I was sure this name was not a file anywhere)
  4. Exit the Registry and restart Windows
  5. Go to Windows/System32 and rename or delete the dll. (I renamed it to nvrmn_VIRUS.dll.sus)
And that was it.
This same solution should apply to any dll loaded by the startup processes that you want to disable or get rid of.
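
An added example, not part of the original post: steps 2 and 3 depend on finding every registry value that names the DLL, and a plain text search of an export misses names stored as hex-encoded REG_EXPAND_SZ data. This Python script lists all references in a regedit export and flags the ones in well-known startup locations; the sample export and its key paths are constructed, and the "Version 5.00" export format is assumed.

```python
import re

# Constructed sample of a regedit export (.reg, "Version 5.00"). The key paths
# are assumptions for illustration; the post does not say where its entry was.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example]
"DllName"="nvrmn.dll"
"Asynchronous"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Loader]
"Module"=hex(2):6e,00,76,00,72,00,6d,00,6e,00,2e,00,\
  64,00,6c,00,6c,00,00,00
'''

def decode(raw):
    """Turn the right-hand side of a .reg value line into searchable text."""
    if raw.startswith('"'):                          # REG_SZ: undo \\ and \"
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    m = re.match(r'hex\((2|7)\):(.*)$', raw)         # REG_EXPAND_SZ / REG_MULTI_SZ
    if m:                                            # stored as UTF-16LE bytes
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        return data.decode('utf-16-le', 'replace').replace('\x00', ' ').strip()
    return raw                                       # dword, binary: leave as is

def parse_reg(text):
    """Yield (key, value_name, decoded_data) for every value in the export."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)        # join hex continuation lines
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key is not None:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            yield key, name, decode(m.group(2))

def is_startup(key, name):
    """Flag well-known load-at-boot/logon locations (not an exhaustive list)."""
    k = key.lower()
    return (r'\currentversion\winlogon' in k or r'\currentversion\run' in k
            or name.lower() == 'appinit_dlls')

def find_references(reg_text, needle):
    """Return (key, name, data, is_startup) for values mentioning needle."""
    needle = needle.lower()
    return [(k, n, d, is_startup(k, n)) for k, n, d in parse_reg(reg_text)
            if needle in n.lower() or needle in d.lower()]

if __name__ == '__main__':
    for key, name, data, startup in find_references(SAMPLE_REG, 'nvrmn'):
        print('STARTUP' if startup else 'other  ', key, name, '=', data)
```

A real export made with regedit's File > Export is UTF-16, so read it with `open(path, encoding='utf-16')` before passing the text to `find_references`.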