"labfuji" wrote:
> Install the Avira AntiVirus and unpon reboot, it say it found a file that
> contains suspicious code Heur/malware at location
> c:\winnt\system32\ratbgpi.dll. it gives me the option of quaratine/deny
> access. Choosing either option, the message still remains even after
> clicking
> many times
> I have also run AVG and Spybot 1.4 and all give a clean health.Any
> suggestion please, thanks

"philo" wrote:

>
> "labfuji" <labf***@discussions.microsoft.com> wrote in message
> news:0224986D-D70E-4F56-B854-D47A8A5A4DFA@microsoft.com...
> > Install the Avira AntiVirus and unpon reboot, it say it found a file that
> > contains suspicious code Heur/malware at location
> > c:\winnt\system32\ratbgpi.dll. it gives me the option of quaratine/deny
> > access. Choosing either option, the message still remains even after
> clicking
> > many times
> > I have also run AVG and Spybot 1.4 and all give a clean health.Any
> > suggestion please, thanks
>
>
> try just plain renaming it (such as ratbgpi.xxx)
> and if your system runs ok then delete it entirely
>
>
>

"philo" wrote:

>
> "labfuji" <labf***@discussions.microsoft.com> wrote in message
> news:0B59ABED-BCA0-4DF2-B545-792A683524FD@microsoft.com...
> > Do you mean remain the .dll file? thanks
>
>
> yes, rename the .dll file in question.
>
>
>

"labfuji" <labf***@discussions.microsoft.com> wrote in message
news:E1D54545-FAC7-42A8-B749-84BA809B3012@microsoft.com...
> Tried in normal and safe mode, cannot be renamed, it says 'file been used
by
> windows'
>
> "philo" wrote:
>
> >
> > "labfuji" <labf***@discussions.microsoft.com> wrote in message
> > news:0B59ABED-BCA0-4DF2-B545-792A683524FD@microsoft.com...
> > > Do you mean remain the .dll file? thanks
> >
> >
> > yes, rename the .dll file in question.
> >
> >
> >

"philo" wrote:

>
> "labfuji" <labf***@discussions.microsoft.com> wrote in message
> news:E1D54545-FAC7-42A8-B749-84BA809B3012@microsoft.com...
> > Tried in normal and safe mode, cannot be renamed, it says 'file been used
> by
> > windows'
> >
> > "philo" wrote:
> >
> > >
> > > "labfuji" <labf***@discussions.microsoft.com> wrote in message
> > > news:0B59ABED-BCA0-4DF2-B545-792A683524FD@microsoft.com...
> > > > Do you mean remain the .dll file? thanks
> > >
> > >
> > > yes, rename the .dll file in question.
> > >
> > >
> > >
>
>
> Then you will need to find out where the process is starting.
>
>
> You may have to look in the registry
>
>
> HKEY_LOCAL_MACHINE
> software
> microsoft
> windows
> current version
> run
>
>
> then delete the reference
>
>
>

"labfuji" wrote:
> expand run>optional components>
>           right pan
> IMAIL>default        REG_SZ     value not set
>           installed     REG_SZ      1
>
> MAPI>default        REG_SZ     value not set
>           installed     REG_SZ      1
>           NoChange  REG_SZ       1
>
>
> MSFS>default        REG_SZ     value not set
>           installed     REG_SZ      1
>
> So which DATA should I delete or modify
>
> Appreciate your follow, thanks

"labfuji" <labf***@discussions.microsoft.com> wrote in message
news:A0AAAC82-7AE7-4DA5-BA1F-6C6F6962ED03@microsoft.com...
> expand run>optional components>
>            right pan
> IMAIL>default        REG_SZ     value not set
>            installed     REG_SZ      1
>
> MAPI>default        REG_SZ     value not set
>            installed     REG_SZ      1
>            NoChange  REG_SZ       1
>
>
> MSFS>default        REG_SZ     value not set
>            installed     REG_SZ      1
>
> So which DATA should I delete or modify
>
> Appreciate your follow, thanks
>
>
> "