Some things to try;
1.) You'll need to first stop the process that loads them. Natively you can;
Start\Settings\Control Panel\Administrative Tools\Computer
Management(Local)\System Information\Software Environment\Startup
Programs|View|Advanced, then in the "Location" column, you'll find the path
to the "Startup" location either in the "Startup" directories or from the
registry's "Run" keys.
%ALLUSERSPROFILE%\Start Menu\Programs\Startup
%USERPROFILE%\Start Menu\Programs\Startup
You can delete the shortcuts that you no longer want to run.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
You can delete the string value for the program you no longer want to run.
Or copy msconfig from Windows XP.
2.) The recycle bin may contain a corrupt, or otherwise incorrect
information file. If format is FAT, then from a command prompt change to the
recycler directory, then do a dir to see what files you might find and
delete any files found, then
attrib -h info*
this should unhide the info* file that stores the information about the
original location of deleted files in the recycle bin. Delete this file.
If format is NTFS then change to the recycler directory then change to the
hidden directory named for your SID (this can be found from within Explorer
by expanding the recycler folder). Then
attrib -h info*
this should unhide the info* file that stores the information about the
original location of deleted files in the recycle bin. Delete this file.
Then the next time you move files to the recycle bin another hidden info
file will be created.
Another option is to delete only the info or info2 file (in the recycler
dir) and then restart the pc, then a new and correct information file will
be created in the recycler directory.
3.) From a command prompt try;
del \\.\Drive:\directory\filename
(Note: the period between \\ and \)
Also
dir /x
and try deleting them using their 8.3 short names.
4.) Try deleting them from the recovery console. First you'll need to go to
Control Panel|Admin Tools|Local Security Policy and set Recovery console:
"Allow floppy copy and access to all drives/folders" to enabled.
To start the Recovery Console, start the computer from the Windows 2000
Setup CD or the Windows 2000 Setup floppy disks. If you do not have Setup
floppy disks and your computer cannot start from the Windows 2000 Setup CD,
use another Windows 2000-based computer to create the Setup floppy disks.
Press ENTER at the "Setup Notification" screen. Press R to repair a Windows
2000 installation, and then press C to use the Recovery Console. The
Recovery Console then prompts you for the administrator password. If you do
not have the correct password, Recovery Console does not allow access to the
computer. If an incorrect password is entered three times, the Recovery
Console quits and restarts the computer. Once the password has been
validated, you have full access to the Recovery Console, but limited access
to the hard disk. You can only access the following folders on your
computer: %systemroot% and %windir%
Then from the recovery console command line;
SET allowallpaths = TRUE
to gain access to all folders and try deleting from here.
--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
"niteowl" wrote:
|
| Hi all,
|
| got called to a friend's house who has win2k SP4 installed and was having
| trouble with adware, and virus infections. When I first got there I
| used McAfee's Stinger file for a quick check of major/common infections.
| None were found. I even tried "fprotdos" run in safe mode, but it found
| nothing either. (I wasn't sure it would even run since it's a DOS
| program, but it "appeared" to run, but didn't find anything) I then
| updated and ran Spybot Search and Destroy, and Adaware 6, Norton 2004,
| with latest updates, and finally I installed Trojan Hunter 3.8 with
| latest defs.
|
| All those programs found several hundred "at risk" files.
|
| Some of the files resided in the "RECYCLER" folder, and while most could
| be manually deleted (in Windows Explorer), a few couldn't, one was
| named: S-1-5-21-220523388-152049171-854245398-1001
|
| the other files that Norton lists that refer back to that file are:
|
| Dc11.exe Adware Ezula
| Dc12.exe Adware Incredifind
| Dc13.exe Adware StatBlaster
| Dc14.exe Adware StatBlaster
| Dc15.exe Adware StatBlaster
|
| C:\WINNT\SYSTEM32\Gay1ZPSb.exe (I was able to manually delete this one
| in Windows Explorer)
|
|
| Ran another Norton scan of the system32 folder and came up with several
| different files showing as "at risk", Norton deleted all but 2 this time,
|
| RtaWJ.exe and SczOOJ3.exe were the ones left and couldn't be deleted.
|
| Is there no DOS in Win2000??????? How do I manually remove these
| without starting windows???? She is using NTFS. There is a 31M
| partition (?) that is FAT or FAT32, though I only see it when
| defragging, I don't know how to 'use' it. ???
|
| When Norton showed me the infected or at risk files, I deleted them,
| then the ones it couldn't remove I chose to "skip" instead of "Exclude"
| them at the final window.
| I assume "excluding" them means they would be ignored on the next scan.
| I rescanned immediately and the 3rd time found 5 new 'infected' files,
| deleted most, but still left the SczOOJ3.exe file.
|
| 4th time: found 9 new files, left Vbcv2.exe behind. ??
|
| 5th time: found 9 new files, left 2: MuwqK7ev.exe and Usd13Q.exe
|
| Help!!! these scans were run one right after the other, so these files
| are propagating faster than I can remove them. ???
|
| Is there another program that will clean these? or some way to access
| them without having them "run" when booting up to windows? I've always
| been able to get the HD clean before using the above combination of
| programs in win98, but this one is baffling me as I'm not that versed in
| win2000.
|
| ANY ideas of what I can do now would be greatly appreciated. I spent 7
| hours messing with these last night and just couldn't get past this.
|
| thanks,
| niteowl
|
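
Step 1 of the reply, as an added example that is not part of the original post: given a regedit export of the two Run keys, it lists the string values whose command references a file name the scanner reported, so you know which value to delete. The sample export and its value names are constructed; only the two file names come from the thread.

```python
import re

# The two autostart keys named in the reply, as regedit writes them in an export.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def run_entries(reg_text):
    """Yield (key, value_name, command) for string values under the Run keys."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower() in RUN_KEYS:
            yield key, unescape(m.group(1)), unescape(m.group(2))


def entries_loading(reg_text, reported_files):
    """Return Run entries whose command mentions a file name the scanner reported."""
    wanted = [name.lower() for name in reported_files]
    return [(k, n, c) for k, n, c in run_entries(reg_text)
            if any(w in c.lower() for w in wanted)]


# Constructed sample export (not taken from the machine in the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"xk2"="C:\\WINNT\\system32\\SczOOJ3.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"upd"="\"C:\\WINNT\\system32\\RtaWJ.exe\" -s"
'''

if __name__ == "__main__":
    for key, name, cmd in entries_loading(SAMPLE, ["RtaWJ.exe", "SczOOJ3.exe"]):
        print(f"{key}\n  delete value {name!r} -> {cmd}")
```

A "Version 5.00" export is saved as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text in.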