This will be a long post so please bear with me.
I need help getting rid of wincfg.scr.
It was in a message I downloaded from a newsgroup.
It tries to access the internet every few minutes the computer is running, and I get security alerts from my Norton IS about every 2 minutes that an inbound attack was attempted using this software.
The remote address for the inbound attack is: nevermind.hackarmy.tk. I can post the rest of the info from this message if it will be of any use.
The (outbound) attempt to access the internet alert reads "Generic host process for Win32 Services is attempting to access the internet".
I tried deleting it from the Windows/System folder (where it installed itself), but I get the "cannot delete. access denied source file may be in use" message.
I tried to disable it using msconfig, from the start/run menu, but the window doesn't stay open long enough to click on the "Startup" tab.
I tried running msconfig from dos, but got the same result.
I even tried to run regedit, but it closes immediately on opening as well.
I ran spybot, it seemed to eliminate the program (that was the message that appeared when I ran it), but wincfg.scr was running again the next time I booted up.
Virus scan didn't detect anything.
I tried to quarantine it with Norton AV, but that failed because the file is running.
It is not listed in the Start/Programs/Startup folder.
The first time I looked at the Properties tab, the only thing that wasn't blank was the version, and the language. Now it reads as a Microsoft program. I can post the properties info if that will help.
How do I get rid of this parasite? My system is really slow now, and the constant threat has me highly stressed.
I will really appreciate any and all help I can get. Thank you.