
I run Windows XP with Norton virus protection. When I do a scan of my computer, it shows that I have one infected file, which Norton identifies as MediaTicketInstaller.ocx, an adware file.

Norton asks if I want to delete the file, but when I respond “yes” it fails to delete it.

Other files will be deleted properly if they are detected as possible infections.

Norton tells me that the file is in the Windows/Downloaded Programs folder.

However, I cannot find it in that folder when I use Windows Explorer, nor can I find it using Start and Search and then plug in the file name.

So how can I find the file since Norton keeps telling me it is in my computer?

Roy Messer

pacbell.net

A. Did it ever occur to you that Symantec Corp.’s vaunted Norton AntiVirus could be wrong?

It didn’t occur to me either, Mr. M. At least that was the case until I hunkered down to research your problem and found that it’s bugging a lot of folks.

They all say the antivirus program does a first-rate job of finding this nasty bit of spyware/adware but, like you, they can’t find it and delete it.

That’s because the authors of this bit of vandalism apparently found a way to use the Windows System Registry to cloak the file so it cannot be found even if users set their computers to show all hidden and system files and do searches as you did.

Here’s the drill for making registry fixes. First make a backup of this utterly essential Windows file that handles a huge proportion of everything a computer does.

Click on Start and then Run and type the command regedit to open the registry.

Now look under the File commands for Export and pick it to send a copy of the intact registry to your hard drive.

If you get in trouble following my advice you can restore the registry by clicking on that backup icon.

Now highlight the first line in the registry and tap Control + F and type the search term mediaticket.

Using Find Next will take you to up to a half-dozen instances of the file in the registry. You then find that each of them has been assigned a value, which you may then locate by clicking on the entry.

Use the edit box this brings up to remove the value, which is a code that hides the files even if your machine is set to find hidden files.

Now go back to the Start/Search button you had been using and search again.

This time MediaTicketInstaller.ocx will be visible for deletion.

Jim Coates writes for the Chicago Tribune.
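
An added example, not part of the original column: a read-only Python sketch that lists every key and value mentioning a search term in a registry export made with File > Export, so the entries can be reviewed before any are edited in regedit. The sample export, its key paths and its values are constructed placeholders; the column does not name the actual keys.

```python
import re

# Constructed sample in the text format regedit's File > Export writes (.reg).
# Key paths, the all-zero CLSID and all values are placeholders, not real findings.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Placeholder\{00000000-0000-0000-0000-000000000000}]
@="MediaTicketInstaller Control"
"ExampleFlag"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Unrelated]
"Path"="C:\\Program Files\\Other"

[HKEY_CURRENT_USER\Software\Example\MediaTicket]
"Blob"=hex:01,02,\
  03,04
'''

VALUE_LINE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)$')

def find_entries(reg_text, term):
    """Return (key, value_name, data) for entries whose key, name or data contains term.
    A matching key is also reported on its own as (key, None, None)."""
    term = term.lower()
    hits, key = [], None
    # Long hex values are wrapped with a trailing backslash; join them first.
    text = re.sub(r'\\\r?\n\s*', '', reg_text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if term in key.lower():
                hits.append((key, None, None))
            continue
        m = VALUE_LINE.match(line)
        if m and key is not None:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            data = m.group(2)
            if any(term in s.lower() for s in (key, name, data)):
                hits.append((key, name, data))
    return hits

if __name__ == '__main__':
    # For a real export, read the file first: open(path, encoding='utf-16').read()
    for key, name, data in find_entries(SAMPLE_REG, 'mediaticket'):
        print(key if name is None else f'    {name} = {data}')
```

The script only reads the export and changes nothing in the registry.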
