My question is regarding virus infections in general which modifies a user's Windows Registry such as what happened on my system.
My understanding is that the registry is NTUSER.DAT in the user's "Documents and Settings" folder. So what happens on a multi-user system (which is almost always the case in XP, where you have "Administrator" and the main user) where there are different copies of the registry. Does each userID's registry get infected in turn as you log into that ID? Or are viruses able to modify the other NTUSER.DAT files without a login?
Is the advice to refrain from changing IDs till the infection is dealt with on the primary ID, or must each ID be "cleaned", in turn ... or is that even necessary if the person never changed IDs from the start of the attack till it was cleaned out (on the one ID)?
Thx.
Longden