Terra wrote:I reinstalled spybot search and destroy since it wasnt workin properly and managed to eliminate the spyware problem, now i hav 3 infected files left and theyre all critical seriousness, I have now managed to move 2 of these to quarantine and they should be dealt with by tonite, but the other is a file which apparently is in permanent use and antivirus wont touch it until its inactive.
I have searched for said file where it should be but simply cannot find it, after removing the spyware my spybot asked permission to restart computer so as to render this file inactive but it fail everytime it tries - its something called RichVideoCodec ,what is this and why would it be in permanent use?
since this is an infected file i dont want it being used at all.
The RichVideoCodec.OCX is a DLL file that is registered when your computer is started.
Try running Combofix to see if this can remove the file or files.
If not you will need to unregister the file or files before they can be removed. There are several ways to do this but you will need to know where they are located. Double click on My computer and then your C drive. Then click on Tools on the menu bar and scroll down to Folder options. On the view tab make sure Show hiden files and folders is selected. If its not then select it. Then click OK and close out the window. Do a search for RichVideoCodec.OCX.DLL to see if you can find it. Once you find it click on Start/Run and type CMD and press enter. You should be at the command prompt C:\
Now type in the full path to where the file is located
example
c:\cd documents and settings
now your command prompt will be
C:\Documents and Settings>
type cd all users
now your command prompt will be
C:\Documents and Settings>All Users
type cd application data
now your command promtp will be
C:\Documents and Settings>All Users>Application Data
If the file was in this directory path C:\Documents and Settings>All Users>Application Data then you would type this at the end of the path
regsvr32 /u RichVideoCodec.ocx.dll
example
C:\Documents and Settings>All Users>Application Data regsvr32 /u RichVideoCodec.ocx.dll
a message should popup saying the file has been unregistered. You should now be able to either manually remove the file or run spybot to get rid of it. However if Spybot wants to reboot your computer the file will reregister itself and again Spybot will not be able to remove it.
I know it sound like a lot but its really not. But as always please be careful doing any of the steps as you can accidently make the problem worse. If you are not comfortable with doing these types of things find someone who is.
Hope this helps.