Archived from groups: microsoft.public.windowsxp.help_and_support (
More info?)
Hi Chris,
Delete the file in Safe mode, but also the registry string that loads it.
You will likely find it here:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
--
Best of Luck,
Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org
"cctx" <cctx@discussions.microsoft.com> wrote in message
news:68E87AA5-D1A1-486C-9445-546D6458EA02@microsoft.com...
> Well, that was interesting. I restarted in safe mode but for some
> reason my AV software (Trend PC-cillin) wouldn't do a scan in that mode.
> I
> did run the spyware (Ad-aware SE) and cleaned out 4 malware and other
> junk.
> Not the pacis.exe. How about if I just find it and delete?
> Anyway, I'm wondering if my software (which updates very often,
> sometimes several times a day.) is functioning because when I do a scan
> the
> pacis.exe is not detected, but I've found it right there in System32.
> chris
>
> "Rick "Nutcase" Rogers" wrote:
>
>> Hi,
>>
>> C:\Window\system32 is the folder that houses the majority of the system
>> files. Your AV software is detecting that a malicious file, pacis.exe, is
>> in
>> there and is trying to tell you that it needs to be removed. As the file
>> is
>> likely active and resisting detection and removal in normal mode, your
>> best
>> bet is to do a full system scan with an updated AV program in safe mode.
>>
>> How to start in Safe mode:
>>
http://www.rickrogers.org/fixes.htm#Safe%20mode
>
>>
>>