How to remove a virus if it is in Usrclass.dat?


Happy Hopping
11-26-2007, 01:25 AM
I have a virus that prevents me from opening the Nvidia control panel. It seems to be embedding itself in c:\document&settings\admin\local settings\app. data\microsoft\windows

There are only 2 files in this sub-dir

usrclass.dat
usrclass.dat.log

but when I scan w/ an anti-virus, I get an Open error, because the OS is using this file.

What can be done?

MrWizard6600
11-26-2007, 01:31 AM
reformat :D

Seriously man, in my experience a good virus is hard to remove totally, and even if you do, chances are you end up with a shredded registry.

bbz_Ghost
11-26-2007, 01:46 AM
http://www.eset.com/onlinescan/

Give that a full sweep and see what happens.

MrGuvernment
11-26-2007, 01:52 AM
boot into safe mode and delete those files?

Happy Hopping
11-26-2007, 02:12 AM
I tried safe mode. Turns out the OS uses those 2 files in safe mode as well.

Sinclair
11-26-2007, 02:26 AM
Boot off a UBCD for Windows CD (http://www.ubcd4win.com/) and mess with them from there?

Happy Hopping
11-26-2007, 03:40 AM
Too risky. I tried some sort of software like that. In the end, it wiped out the entire hard drive.

What I was thinking is to restore from a previous restore point; would that remove the virus?

MrGuvernment
11-26-2007, 04:53 AM
are you sure it is a virus?

Uninstall your NVIDIA drivers and see if it takes them with it.

Finn
11-26-2007, 06:14 AM
usrclass is where user profile information is stored. What made you think you have a virus? Some scanner alerted about it?

Usrclass can generate errors if your registry size is too small, your profile is corrupt, etc.

You could try to remove and regenerate your user profile to see if that fixes the problem. Or try creating another temp account and see if you can access nvidia from there.

darktiger
11-26-2007, 09:22 AM
Google and install Unlocker. Then unlock those files; after you unlock those files, rename or delete them....

Finn
11-26-2007, 10:21 AM
Google and install Unlocker. Then unlock those files; after you unlock those files, rename or delete them....

Which will render all his profiles corrupt and he'll probably have to reinstall his OS. I'd try making another profile first.

NTJedi
11-26-2007, 10:39 AM
I have a virus that prevents me from opening the Nvidia control panel. It seems to be embedding itself in c:\document&settings\admin\local settings\app. data\microsoft\windows

There are only 2 files in this sub-dir

usrclass.dat
usrclass.dat.log

but when I scan w/ an anti-virus, I get an Open error, because the OS is using this file.

What can be done?

Easy fix fella... just boot into a different Windows profile, then delete the files.

Sorry I wasn't here sooner.

Happy Hopping
11-27-2007, 05:55 AM
If I do that, and when I re-login to my original profile, would XP Pro even boot up? Because what does Usrclass.dat do? And can XP Pro re-create it?

NTJedi
11-27-2007, 08:31 AM
If I do that, and when I re-login to my original profile, would XP Pro even boot up? Because what does Usrclass.dat do? And can XP Pro re-create it?

The file mostly contains user setting information... search the internet to find all the details. XP Pro will recreate the file; as the profile customizes user settings, the file is updated.

Happy Hopping
11-27-2007, 10:11 PM
I just thought of something: If I create a 2nd user profile and log in as that 2nd user, shouldn't I be able to use my anti-virus to remove the virus from that file, since it is no longer an open file and, as such, there is no more open error?

Scotch77
11-27-2007, 11:36 PM
The truth is, in Windows the only true way to get rid of a virus totally is to reformat or wipe the hard drive and then fully reinstall the OS. Anybody who tells ya otherwise is lying.

NTJedi
11-28-2007, 03:20 AM
The truth is, in Windows the only true way to get rid of a virus totally is to reformat or wipe the hard drive and then fully reinstall the OS. Anybody who tells ya otherwise is lying.

I've worked in the computer industry 10+ years for some of the largest companies and deal with all sorts of server issues and workstation issues, which include viruses and spyware. An attitude of "Any virus means format and reinstall" would never allow you to advance in the IT department and they would definitely keep you away from the servers.

NTJedi
11-28-2007, 03:23 AM
I just thought of something: If I create a 2nd user profile and log in as that 2nd user, shouldn't I be able to use my anti-virus to remove the virus from that file, since it is no longer an open file and, as such, there is no more open error?

The anti-virus software won't edit the existing file... it will quarantine and/or delete the file.

Happy Hopping
11-28-2007, 05:53 AM
I'm going to give your idea a go. Thanks a lot. As soon as I've done the daily backup.

milkweg
11-28-2007, 09:07 AM
Any virus means format and reinstall" would never allow you to advance in the IT department and they would definitely keep you away from the servers.

Yea, but that is in the IT business where companies can't afford to wipe their HDDs. You can't guarantee that the HDD is completely virus free either, even though you may tell them it is. The only true way to guarantee a HDD is virus free is to do a secure wipe.

NTJedi
11-28-2007, 11:31 AM
Yea, but that is in the IT business where companies can't afford to wipe their HDDs. You can't guarantee that the HDD is completely virus free either, even though you may tell them it is. The only true way to guarantee a HDD is virus free is to do a secure wipe.

Managing important servers you quickly learn to know exactly all the processes, applications and services which need to be running. Tools exist which allow you to monitor what is running on the system(s) and identify what shouldn't be running. Scans from two or three different anti-virus packages at different times (never the same time) will remove virus(es) 99% of the time and/or disable the virus from working, allowing productivity to run solid again. A few scenarios may cause a virus to cripple an operating system where even after the virus is removed/disabled a format and reinstall is needed, and some viruses are much, much worse than others.

Happy Hopping
11-28-2007, 07:44 PM
I fixed it. In the end, I'm not entirely sure if it was a virus. I created a 2nd user, went to the first user and deleted those 2 files.

However, while I was using the 2nd user acct., I launched the Nvidia control panel and it launched. So if there were a virus that does that, it shouldn't have launched.

So after I went back to the 1st user, everything works. It's possible that usrclass.dat was corrupted and gave an error, and somehow CA Antivirus thinks it's an error.

Anyhoo, thanks everyone
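The procedure worked out in this thread (log in under a second account, then deal with the locked UsrClass.dat of the affected profile) as an added PowerShell example; this is not code from any poster, it assumes a current PowerShell and a profile folder path you supply (both the XP and the Vista-and-later layouts are handled), and it renames the hive to a timestamped backup instead of deleting it.

```powershell
# Added example (not from the thread). Run as an administrator from a SECOND
# account after the affected user has logged off completely.
# $ProfileDir is the affected user's profile folder, e.g. C:\Users\admin
# or, on XP, "C:\Documents and Settings\admin".
param(
    [Parameter(Mandatory = $true)] [string]$UserName,
    [Parameter(Mandatory = $true)] [string]$ProfileDir
)

# UsrClass.dat is the per-user HKCU\Software\Classes registry hive. While the
# profile is loaded it is mounted under HKEY_USERS as <SID>_Classes and the
# kernel holds the file open, which is why the scanner reports an open error.
$sid = (New-Object System.Security.Principal.NTAccount($UserName)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value
$stillLoaded = Get-ChildItem -Path Registry::HKEY_USERS |
               Where-Object { $_.PSChildName -eq "${sid}_Classes" }
if ($stillLoaded) {
    throw "HKEY_USERS\${sid}_Classes is still loaded; log $UserName off first."
}

# Locate the hive directory for either profile layout.
$candidates = @(
    (Join-Path $ProfileDir 'AppData\Local\Microsoft\Windows'),                  # Vista and later
    (Join-Path $ProfileDir 'Local Settings\Application Data\Microsoft\Windows')  # XP
)
$hiveDir = $candidates |
           Where-Object { Test-Path (Join-Path $_ 'UsrClass.dat') } |
           Select-Object -First 1
if (-not $hiveDir) { throw "UsrClass.dat not found under $ProfileDir" }

# Rename rather than delete: the files are hidden+system (hence -Force), the
# copies can be scanned or inspected offline from this account, and the user
# can be rolled back if the real cause turns out to be something else.
# Windows builds a fresh UsrClass.dat at the next logon; per-user file
# associations and class registrations stored in the old hive are lost.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Get-ChildItem -Path $hiveDir -Filter 'UsrClass.dat*' -Force |
    Where-Object { $_.Name -notlike '*.bak' } |
    ForEach-Object {
        $dest = "$($_.FullName).$stamp.bak"
        Move-Item -LiteralPath $_.FullName -Destination $dest -Force
        Write-Output "Moved $($_.Name) -> $(Split-Path $dest -Leaf)"
    }
```

The .bak copies are ordinary closed files afterwards, so the anti-virus can scan them from the second account, which is what the idea raised earlier in the thread amounts to.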

milkweg
11-28-2007, 08:09 PM
Managing important servers you quickly learn to know exactly all the processes, applications and services which need to be running. Tools exist which allow you to monitor what is running on the system(s) and identify what shouldn't be running. Scans from two or three different anti-virus packages at different times (never the same time) will remove virus(es) 99% of the time and/or disable the virus from working, allowing productivity to run solid again. A few scenarios may cause a virus to cripple an operating system where even after the virus is removed/disabled a format and reinstall is needed, and some viruses are much, much worse than others.

You just admitted that you can't guarantee a virus is removed or what other damage it may have done to files. How do you know if a virus is lying dormant attached to another file(s) or not? AV progs are not 100% accurate, far from it. I have a process explorer too, but expecting a home user to know what each and every process is or is supposed to be doing is ridiculous. Once again, for most people, when you are sure you have a virus you should do a secure wipe instead of spending hours or even days trying to fix it. And your point of contradicting that fellow up above was what exactly?

Scotch77
11-29-2007, 01:10 PM
I've worked in the computer industry 10+ years for some of the largest companies and deal with all sorts of server issues and workstation issues, which include viruses and spyware. An attitude of "Any virus means format and reinstall" would never allow you to advance in the IT department and they would definitely keep you away from the servers.

NTJedi, while I respect your answer, I must say that I have been a systems engineer at a Fortune 500 company for 14 years now. My main focus at the company is security and operations.

The idea that you could not wipe a drive is ridiculous. If you truly understood servers, you would not have your employees having files on individual computers, or some unsecured server. We keep all work centralized at 3 locations around the world and use a system which resembles SVN.

Employees connect via a filter server, then the filter server connects to the main servers. Filter servers are a Windows platform. Main servers run FreeBSD. Main servers are for storage and backup. Filter servers are simply there to scan and do parity on files.

Now our employees use Windows XP machines and we have a leading anti-virus installed on all. We do this as this is what they are most comfortable with. Filter servers also run Windows but simply have more advanced detection running on them and also check files for errors and such. If some sort of exploit is found in the files from an employee, then the filter servers try to clean; then automatically the files are stripped to raw data and it is reassembled into a file that will run on the main servers. These files then hold all backup data for recovery, such as in MS Office products. Since the main servers are BSD based, any Windows based infection will not survive. We even have advanced detection systems on the BSD machines, just in case.

Any employee whose computer is infected will that night have it wiped and a fresh image installed. The worker comes back and does not even notice it.

dleifelohcs
11-29-2007, 02:59 PM
I apologize for not reading the whole thread. Two solutions, as briefly as I can put them:

1) Create a new user. Copy Docs over to the new user. Delete the old user, check for "virus"

2) Re-install. Just do it.

Happy Hopping
11-29-2007, 11:13 PM
Filter servers also run Windows but simply have more advanced detection running on them and also check files for errors and such.

What's the name of this software that does adv. detection? And are these just simple blade servers used as filter servers?

Also, from a manpower pt. of view, to format a hard drive each time there is a virus, wouldn't that be a major undertaking from an IT admin. pt. of view? Every day, employees receive attachments from other co.; they can get a virus from those other co., so they can have a virus daily.

NTJedi
11-30-2007, 01:08 AM
The idea that you could not wipe a drive is ridiculous. If you truly understood servers, you would not have your employees having files on individual computers, or some unsecured server. We keep all work centralized at 3 locations around the world and use a system which resembles SVN.

Obviously you didn't read my responses very closely. I NEVER said you could not wipe a drive. I'm not even sure where you got this idea. :confused: Maybe you're not getting enough sleep.


Employees connect via a filter server, then the filter server connects to the main servers. Filter servers are a Windows platform. Main servers run FreeBSD. Main servers are for storage and backup. Filter servers are simply there to scan and do parity on files.

Now our employees use Windows XP machines and we have a leading anti-virus installed on all. We do this as this is what they are most comfortable with. Filter servers also run Windows but simply have more advanced detection running on them and also check files for errors and such. If some sort of exploit is found in the files from an employee, then the filter servers try to clean; then automatically the files are stripped to raw data and it is reassembled into a file that will run on the main servers. These files then hold all backup data for recovery, such as in MS Office products. Since the main servers are BSD based, any Windows based infection will not survive. We even have advanced detection systems on the BSD machines, just in case.

Any employee whose computer is infected will that night have it wiped and a fresh image installed. The worker comes back and does not even notice it.

Thanks for the details, but as mentioned earlier you've misunderstood my posts and went sailing in a new direction. As a review... any virus does not mean a system has to be formatted and reinstalled, as a system can recover 100% from a virus, yet this depends on the virus and the damage it's done. To believe a virus requires formatting the drive means you're not understanding the whole picture. "A wise king considers all his options and then makes his decision." Macbeth

NTJedi
11-30-2007, 01:42 AM
You just admitted that you can't guarantee a virus is removed or what other damage it may have done to files. How do you know if a virus is laying dormant attached to another file(s) or not? AV progs are not 100% accurate, far from it.
Exactly... yet computer viruses hit businesses every day, including environments using laptops remotely which are not always running at night with important data, and businesses rarely have to format all the servers and workstations as a result of a virus. It's only the inexperienced users who choose to stay in the dark who should format their hard drive. If these forums were called Granny's Computer Forums, where the majority of users were old grandmothers, then I'd advise the general community to format when encountering a virus... yet these are the hard forums, where the average user is experienced or very experienced or beyond.



I have a process explorer too, but expecting a home user to know what each and every process is or is supposed to be doing is ridiculous. Once again, for most people, when you are sure you have a virus you should do a secure wipe instead of spending hours or even days trying to fix it. And your point of contradicting that fellow up above was what exactly?

Anyone who is completely clueless about viruses and chooses to remain clueless about viruses should definitely do a secure wipe. I've rarely had viruses hit systems I've been using, yet when one is picked up across the network it's never taken me more than 40 minutes to clean and stabilize the system.
My point of contradicting the fella above was that a virus does not always require a format and reinstall. These are the hard forums, so most users will have intermediate skills or better, unlike an 85 year old grandmother. ;)

MrGuvernment
11-30-2007, 07:19 AM
Also, a complete format is not always an option for many (especially companies) and frankly is a last resort for many.

Scotch77
11-30-2007, 12:13 PM
What's the name of this software that does adv. detection? And are these just simple blade servers used as filter servers?

Also, from a manpower pt. of view, to format a hard drive each time there is a virus, wouldn't that be a major undertaking from an IT admin. pt. of view? Every day, employees receive attachments from other co.; they can get a virus from those other co., so they can have a virus daily.

The software is named Sphinx and it was made for our company by ESET. And no, it's not really a big undertaking; we do it via the network and it takes no more than an hour in the middle of the night, 100% automated.

No, not blades.

Scotch77
11-30-2007, 08:47 PM
Obviously you didn't read my responses very closely. I NEVER said you could not wipe a drive. I'm not even sure where you got this idea. :confused: Maybe you're not getting enough sleep.

Thanks for the details, but as mentioned earlier you've misunderstood my posts and went sailing in a new direction. As a review... any virus does not mean a system has to be formatted and reinstalled, as a system can recover 100% from a virus, yet this depends on the virus and the damage it's done. To believe a virus requires formatting the drive means you're not understanding the whole picture. "A wise king considers all his options and then makes his decision." Macbeth

No, a wise king leaves no chance of vulnerability to his empire.

Scotch77
11-30-2007, 09:01 PM
Exactly... yet computer viruses hit businesses every day, including environments using laptops remotely which are not always running at night with important data, and businesses rarely have to format all the servers and workstations as a result of a virus. It's only the inexperienced users who choose to stay in the dark who should format their hard drive. If these forums were called Granny's Computer Forums, where the majority of users were old grandmothers, then I'd advise the general community to format when encountering a virus... yet these are the hard forums, where the average user is experienced or very experienced or beyond.

Anyone who is completely clueless about viruses and chooses to remain clueless about viruses should definitely do a secure wipe. I've rarely had viruses hit systems I've been using, yet when one is picked up across the network it's never taken me more than 40 minutes to clean and stabilize the system.
My point of contradicting the fella above was that a virus does not always require a format and reinstall. These are the hard forums, so most users will have intermediate skills or better, unlike an 85 year old grandmother. ;)

I have a PhD in "Assurance in information mining on distributed systems". I also have a clearance of level SCI in MCTL and have worked on numerous DOD projects.

Now you may call me clueless in vulnerabilities and that's fine, but I still believe in the highest standards of information assurance and stick to my ways of operation. It may take you 40 minutes, though I operate on a much bigger scale. I have hundreds of thousands of computers I must secure worldwide, and I still choose my methods.

milkweg
11-30-2007, 09:29 PM
Yea, what he said. Restoring an image takes all of ten to twenty minutes. Claiming this is an enthusiasts forum is weak too. Being a computer enthusiast doesn't make you an expert in every field of computing. Being an enthusiast just means you have above average interest in computing and computers.

SpaceHonkey
12-01-2007, 02:18 AM
Wow, that was a lot of flexing. The OP solved his problem. Move along, nothing to see here...

NTJedi
12-02-2007, 10:58 AM
No, a wise king leaves no chance of vulnerability to his empire.

A wise king KNOWS vulnerabilities will always exist within this world... no chance of vulnerability means having zero internet access and one user.
:rolleyes:

NTJedi
12-02-2007, 11:15 AM
I have a PhD in "Assurance in information mining on distributed systems". I also have a clearance of level SCI in MCTL and have worked on numerous DOD projects.

Now you may call me clueless in vulnerabilities and that's fine, but I still believe in the highest standards of information assurance and stick to my ways of operation.

I never called you clueless, yet as usual you always misunderstand my posts and then go on a warpath. I will review AGAIN... a summary of my posts:
A virus does not always mean the system has to be formatted and reinstalled. Anyone who chooses to format and reinstall a home system without any research into the type of virus is choosing to remain clueless about what happened. Within your large scale environment it's possible to format and reinstall the systems for those users, and it is done to save money. The systems people use at home are not environments with thousands of systems being managed.


It may take you 40 minutes, though I operate on a much bigger scale. I have hundreds of thousands of computers I must secure worldwide, and I still choose my methods.

I work as a technical account manager helping manage, plan and troubleshoot major issues raised by the highest IT levels of MULTIPLE huge companies such as GE_Corporate. I deal more with the servers and live databases where formatting is not an option. It's easy for a home system to format and reinstall, yet to do so without investigating/troubleshooting the issue means choosing to remain clueless. The large scale environment you manage is able to format and reinstall the systems because they are able to store all important data elsewhere. I usually don't hear about the users being managed by systems engineers unless those teams have a recurring issue which they cannot resolve. I have always quickly advanced within the IT field because I'm always thinking out of the box and approaching issues with multiple ideas... instead of always following a one way guideline such as virus equals format hard drive.
On a side note, I work from home 80% of the time and travel on business a month or two out of a year.

NTJedi
12-02-2007, 11:23 AM
Yea, what he said. Restoring an image takes all of ten to twenty minutes. Claiming this is an enthusiasts forum is weak too. Being a computer enthusiast doesn't make you an expert in every field of computing. Being an enthusiast just means you have above average interest in computing and computers.

Restoring an image means losing some data, settings, registry entries, and hardware/software updates from the time the image was last saved. Only data stored on a separate hard drive would not be lost, yet then you're not formatting your entire system because of the virus which has you so scared.
In the hard forums, when you're giving advice you're giving advice to individuals who have above average interest/experience in computers. Advising all these individuals to BLINDLY format and reinstall after the appearance of any virus is telling them to remain clueless anytime a virus strikes.