routing.exe / perfs.exe vista

Discussion in 'Windows - Virus and spyware problems' started by jackofall, Jan 4, 2008.

  1. jackofall

    jackofall Member

    Joined:
    Jan 2, 2008
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    16
    Computer makes clicking sounds (on its own), like the sound when you open a folder or click on a link. Supposedly this virus can use your computer.
    Your computer has been compromised and it's being monitored by a remote server.
    This can be a very dangerous virus.

    DON'T start deleting files from your computer unless you know what it is you're deleting. You should rely on antivirus and antimalware apps FIRST for malware removal.


    You should try using anti-malware software first, but this routing.exe is not detected by most anti-malware software, or they can only remove it partially. It is a virus that compromises your computer, and it's being monitored by a remote server. Also, it can possibly use your computer to infect others as well as transmit personal data from your computer to a remote host. The only way to fully guarantee that all is removed is to do a re-format and re-install Windows. Short of that, I used the steps I mentioned below and the clicking stopped, with no ill effects on Windows Vista. Again, you should try to use an up-to-date anti-malware program FIRST, and quarantine to make sure it is not attached to any crucial processes.

    Also, I recommend making backups of all files before you attempt any of this.

    All these are associated:

    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\ndt2.sys
    C:\WINDOWS\system32\perfs.exe

    You can try:

    Copy the text below and paste it in Notepad:

    sc stop perfmons
    sc delete perfmons
    sc stop Routing
    sc delete Routing
    exit

    Save as "all files" to your desktop and name it fix.bat.
    This will make it a batch file.

    In Vista you must restart your computer before it will work. Then, after startup, double-click the new icon on the desktop; a cmd window will pop up quickly with the process. Then you may go into system32 and delete. This is the ONLY way I know to delete this file on Vista, because the extra "safety" of Vista will not let you just delete the file.

    This did not work for me; once I had deleted the perfs.exe and restarted, I couldn't get routing.exe to delete. I had to download HijackThis:

    http://free-software-now.com/hijackthis/index.asp?revid=dhconsult&glid=none&ovid=none&sub=&kbid=
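
Added example, not part of the original post: a read-only batch file that can be run before fix.bat to record what the perfmons and Routing services launch and whether the three files named in the post are present. The report file name and location are assumptions; run it from an elevated command prompt.

```batch
@echo off
rem Added example, not from the thread. Makes no changes to the system:
rem it only records the state of the services and files named in the post.
setlocal
rem Report location is an assumption for this example.
set "REPORT=%USERPROFILE%\Desktop\routing-check.txt"

> "%REPORT%" echo Pre-removal check %DATE% %TIME%

rem Service names as used in the post's fix.bat
for %%S in (perfmons Routing) do call :CheckService %%S

rem File names as listed in the post
for %%F in (routing.exe ndt2.sys perfs.exe) do call :CheckFile "%SystemRoot%\system32\%%F"

echo Report written to "%REPORT%"
endlocal
exit /b 0

:CheckService
>> "%REPORT%" echo.
>> "%REPORT%" echo === Service: %~1 ===
sc query "%~1" >nul 2>&1
if errorlevel 1 (
    >> "%REPORT%" echo not present or query failed, sc exit code %errorlevel%
    exit /b 0
)
rem sc qc prints BINARY_PATH_NAME and START_TYPE: what the service runs and when
sc qc "%~1" >> "%REPORT%" 2>&1
sc query "%~1" | findstr /c:"STATE" >> "%REPORT%"
exit /b 0

:CheckFile
>> "%REPORT%" echo.
if exist "%~1" (
    >> "%REPORT%" echo FOUND   %~1  size=%~z1  modified=%~t1
) else (
    >> "%REPORT%" echo MISSING %~1
)
exit /b 0
```

Keeping the report alongside the backups gives a record of each service's binary path and start type before `sc delete` removes that information.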
     
  2. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Thanks!
     
  3. jackofall

    No problem. Did it work for you?
     
  4. QuikDraw

    I used the process to help someone else.
     
  5. jackofall

    Great!!
     
  6. Discmania

    Discmania Active member

    Joined:
    May 28, 2003
    Messages:
    970
    Likes Received:
    0
    Trophy Points:
    66
    An excellent post, Jackofall. I tried your method and so far no sign of any of the files/folders in system32. I also discovered that this trojan was blocking one of my applications from working, as after I followed your instructions and deleted perfs, it suddenly sprang back to life after a day of trying. This is a worrying trojan for Vista and I just wonder why the antivirus companies cannot counter it?
     
  7. jackofall

    I am so glad that this could help you out. Thanks for the feedback. I don't know why this can't be counter-attacked.
     
  8. Discmania

    Maybe it's coincidence, but Eset antivirus has just quarantined perfs.exe and its associated applications as trojans. Obviously the latest update has now included these definitions (at last!). Unfortunately these bugs tried to return despite my trying to block them with Comodo firewall (it at least caused them to be dormant in System32). Now that Eset has found and quarantined them, I believe they should no longer present a problem. Hope that the other antiviruses will follow suit.
     
