For the previous thread, click here
Let's try again. The things you need to do are (1) Stop the file from running (2) delete all instances of the file on your computer (3) make sure the registry is clear of entries referring to the virus file to prevent the file from running every time you start computer.
In XP, first disable System Restore.
Then use taskmgr.com to open Task Manager (as before). If you see winlodr.scr running under the Processes tab, highlight it, and click End Process. When warned, confirm the action. Exit Task Manager.
Then try to run regedit (if you can't open it, use regedit.com). On the left hand side, highlight My Computer in regedit, click Edit, Find, and type in:
and click Find Next.
When you find an entry with winlodr.scr referred to, right click the highlighted entry on the right hand side and click Delete. Confirm the deletion.
Then press F3 on the keyboard to find the next entry of winlodr.scr. Continue the search using F3 and delete all entries containing winlodr.scr until the search of the entire registry is complete.
Then exit regedit.
Back in Windows XP desktop, use the Search function (as you did before) to search for all instances of winlodr.scr on your computer (making sure in Folder Options, View, that (1) you have ticked Show hidden files and folders (2) Unticked Hide protected operating system files (3) Unticked Hide file extensions for known file types). Try to delete them now. If you succeed, restart computer and see if you can run Task Manager and so on in the normal way.
If you can't delete them, note down the paths.
Then click Start, Run, type
and press Enter. The XP command prompt will open at the prompt c:\Documents and Settings\[YourUserName]>
At the prompt, type "cd c:\" wihtout the quotation marks, and press Enter. You should get the C:\> prompt. Then type:
and press Enter. At the c:\windows\system32> prompt, type:
attrib -s -h -r winlodr.scr
and press Enter.
Then type exit and press Enter to leave cmd. Then try to delete the file again.
[The above assumes that the file is at C:\WINDOWS\system32\winlodr.scr only.]
Whether or not you can delete the file in normal mode, restart computer in Safe Mode.
Immediately after POST, press F8 and then when you get a list of options, select Safe Mode. Open Task Manager, see if winlodr is running, if so, end process.
Then search again for winlodr.scr and if found, try to delete the file(s) in Safe Mode.
Then use Norton to scan computer again. Also check whether Norton has quarantined any virus files, and delete those quarantined files if any.
Restart computer in normal mode, and see if you can run Task Manager etc in the normal way.
If it still doesn't work, post back.