Q
Problem solve Get help with specific problems with your technologies, process and projects.

Removing the NetDevil 1.2 virus

Network security expert Wes Noonan explains how to remove the NetDevil 1.2 virus.

A user switched off his A-V to enable a session on the Internet to a support company and "forgot" to turn it back on. Result? Probable infection by 'Netdevil 1.2' virus as we now see security event 529 every 15 minutes relating to a bad logon by process Advapi. I ran every Anti-Virus and Anti-Spyware I can but still can't track down the responsible process or Registry hack. Any ideas?
What I would recommend is to try one of the commercial or freeware AdWare/Spyware removal tools such as HiJackThis or AdAware. If that does not work you can try to manually remove NetDevil by deleting the following file:

C:WINDOWSSYSTEMADVAPI.EXE And removing the RUN key registry entry for this file located at:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun

Read questions and answers from all of our Windows security experts here.

This was last published in April 2006

Dig Deeper on Enterprise desktop management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

Close