I recently got to play with a Windows 2000 machine and noticed in passing that
it had been infected with Outlook Express, a widely-used virus distribution
mechanism created by Microsoft (apparently it masquerades as some sort of mail
client in order to fool users into using it).  Recognising it as a security
threat, I tried to remove it from the system.  Unfortunately this is rather
tricky, since the program incorporates sophisticated stealth capabilities which
mirror those found in the more powerful viruses.  It can't be uninstalled
(since it's, ahem, "an integral part of the operating system"), and the files
themselves can't be renamed (to render them unlocatable) or removed - any
attempt to alter them results in them being replaced within seconds by an
unmodified copy, a novel innovation which other virus writers don't seem to
have had the freedom to create.

In order to eliminate the problem, it's necessary to go to the (hidden)
\winnt\system32\dllcache\ directory and first delete the mirrored copies of the
binaries which are hidden there, after which it's possible to then delete the
actual copies without them being restored in the background.

A more long-term solution to the problem (which involves a Red Hat CD) is
currently being investigated.

Peter.
