Wunfluova,

If you are hesitant about mucking around with the registry - don't do it.

Firstly weigh up, is it better just to back up your data and reinstall Windows as suggested.

You do need to increase your armoury.

AVG is excellent, so is Adaware. The problem is that there is no GOOD all in one solution.

This is what I use on my computer and have never had a problem:

AVG
Spybot
Adaware
CCleaner
A-Squared
ZoneAlarm

As long as you keep these up to date and do regular scans, you will be very unlucky to get infected.

I find a-squared one of the best, and all of these are free.

For troublesome removal I recommend scanning with Ewido in safe mode through the Administrator's account (make sure you have enabled showing system and hidden files and operating system files in the "view" section of the control panel).

The final workaround is Spyware Doctor - you have to pay for removal, BUT it shows a log of problems and you can manually fix because the trace residency is shown.

If you've tried all of this....post a hijack this log to a support forum and they will help you. Make sure you have scanned your computer with all the above programs in safe mode before running the hijack this program.

Yep, your spot on shaun. This is one smart Trojan, not a simple virus.

No single program will remove this Trojan [Kasperski ...might] as there is quite a bit of manual stuff to do as well. It is certainly beyond any of the spyware removers and a hijackthis log will only bring up [some of] the problem but will not rid the PC of it alone. A highjack this log e***** was taking someone through the [quite a few] steps to rid a guy's PC of it, but in exasperation told the guy to download 'killbox' and follow the instructions he provided [I copied them here]. Did the trick straight away!!

From the guys logfile, this is the problem:
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent

Thanks again all who contributed their thoughts. In the end it was all painfully simple. (assuming there aren't remnants of the program that I am not aware of)

I downloaded Killbox to my desk top in preparation but didn't have to use it. I simply restarted my computer in safe mode (had never deliberately done this before so that is something I have learnt today) then went to program files and was able to delete the License_Manager directory - which I couldn't do in normal mode. I then went to Add/Remove programs and was able to remove the remaining 'link'.

I haven't had any IE script errors since rebooting, so hopefully the problem has been resolved.

Wunfluova

If you run Macromedia Flash make sure you have the latest version. The following versions are vulnerable to movie pass:

* Flash Player 8.0.22.0 and earlier
* Flash Professional 8
* Flash Basic
* Flash MX 2004
* Flash Debug Player 7.0.14.0 and earlier
* Flex 1.5
* Breeze Meeting Add-In 5.1 and earlier
* Adobe Macromedia Shockwave Player 10.1.0.11 and earlier

If you have any of these in your program files remove them:

AltPayments,
Download Manager
Media PipeMyAccessMedia, or
P2Pnetworks.

or below in a highjackthis log:

O4 - HKLM\..\Run: [MediaPipe P2P
Loader] "C:\ProgramFiles\p2pnetworks\mpp2pl.exe" /H

They are all part of movie pass.

Good luck.

Crash - I'm using Flash Player 8.0.24.0 so I assume that is safe? Appreciate your comments.

La Mer

Your version is fine I think. You might like to upgrade to the latest 8.0.5.0 when you have time.