Hi there, When installing NOD32 4.2 (instead of nod32 v2.7) the system i got a warning that the system is infected with Win32.daonol.O trojan. The realtime file scanner is constantly removing a file that is to be created in %temp % by winlogon.exe. But a full system scan does not find anything. Is there any kind of info known of a rootkit that wants to install this (or something like this?) in system.ini i found a link to a screensaver after [boot]. I deleted the link, but still the RTFS is busy with this file. anyone??