Help please, I think I'm trojanned!

[Barabajagal]

I use the following method for my media player's self-update system. It renames itself from LLMP.exe to LLMP.old. It then downloads the new LLMP.exe to the same location. It runs the new EXE and closes itself. The new copy deletes the old one now that it's no longer running. Doesn't the same ability apply to any program you can make?

[Skywing]

Only if the user account with which you are doing that operation from has write access to the file/directory.

If you placed your program in a location under, say, %ProgramFiles% (with the default ACL) and attempted the process running it as a limited user, it will fail.

* Note: If you are using filesystem virtualization for Vista, the virtualization minifilter may make a shadow copy under your %userprofile% tree, with redirection in place to make it appear as the operation succeeded, despite the fact that the original in %ProgramFiles% is unchanged.  If you accessed the program from a different user account, it would see the original in %ProgramFiles% and not the "modified" one.

[Joe[x86]]

@Newby, Warrior: Quit trying to be asses. Simple as that.

EDIT -
BreW, if you upload it I'll take a swing at reverse engineering it and seeing what's up.

[brew]

I deleted it. (lost interest) But thanks anyways.