A user switched off his A-V to enable a session on the Internet to a support company and "forgot" to turn it back on. Result? Probable infection by 'Netdevil 1.2' virus as we now see security event 529 every 15 minutes relating to a bad logon by process Advapi. I ran every Anti-Virus and Anti-Spyware I can but still can't track down the responsible process or Registry hack. Any ideas?
What I would recommend is to try one of the commercial or freeware AdWare/Spyware removal tools such as HiJackThis or AdAware. If that does not work you can try to manually remove NetDevil by deleting the following file:
C:WINDOWSSYSTEMADVAPI.EXE And removing the RUN key registry entry for this file located at: HKLMSoftwareMicros...
Read questions and answers from all of our Windows security experts here.