Hi,

I've a problem on my windows xp PC where there is a file
(c:\windows\system32\twex.exe) that just won't be deleted. I have tried
various:-
- I suspect it's malware as it's loaded at startup - I've tried to use
hijackthis to remove the startup link but it keeps returning at reboot.
- Anti-virus won't scan it - reports permissions denied.
- I can't take ownership of the file (despite being an administrator)
- I've tried booting in safe mode - still can't remove it.
- I've also tried booting of a boot CD (bart) but this just bluescreens the
PC. I think that may be because it doesn't like sata disks?

Can anyone recommend how I can delete this bl**dy file?

-H

Huwy

Something like Malwarebytes might be worth a try.

Malwarebytes' Anti-Malware
1.37 -freeware (if you upgrade you pay).
http://www.download.com/Malwarebytes...-10804572.html

Run Malwarebytes' and turn off your current anti-virus
before you do to avoid a conflict. Disregard the invitation on the web
site regarding the Registry Optimiser -a Registry Optimiser is not a
helpful utility.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



Huwy wrote:
> Hi,
>
> I've a problem on my windows xp PC where there is a file
> (c:\windows\system32\twex.exe) that just won't be deleted. I have
> tried various:-
> - I suspect it's malware as it's loaded at startup - I've tried to use
> hijackthis to remove the startup link but it keeps returning at
> reboot. - Anti-virus won't scan it - reports permissions denied.
> - I can't take ownership of the file (despite being an administrator)
> - I've tried booting in safe mode - still can't remove it.
> - I've also tried booting of a boot CD (bart) but this just
> bluescreens the PC. I think that may be because it doesn't like sata
> disks?
> Can anyone recommend how I can delete this bl**dy file?
>
> -H

On Jun 22, 5:46*pm, "Gerry" <ge...@nospam.com> wrote:
> Huwy
>
> Something like Malwarebytes might be worth a try.
>
> Malwarebytes' Anti-Malware
> 1.37 -freeware (if you upgrade you pay).http://www.download.com/Malwarebytes...8022_4-1080457...
>
> Run Malwarebytes' and turn off your current anti-virus
> before you do to avoid a conflict. Disregard the invitation on the web
> site regarding the Registry Optimiser -a Registry Optimiser is not a
> helpful utility.
>
> --
>
> Hope *this helps.
>
> Gerry
> *~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
>
>
>
> Huwy wrote:
> > Hi,
>
> > I've a problem on my windows xp PC where there is a file
> > (c:\windows\system32\twex.exe) that just won't be deleted. I have
> > tried various:-
> > - I suspect it's malware as it's loaded at startup - I've tried to use
> > hijackthis to remove the startup link but it keeps returning at
> > reboot. - Anti-virus won't scan it - reports permissions denied.
> > - I can't take ownership of the file (despite being an administrator)
> > - I've tried booting in safe mode - still can't remove it.
> > - I've also tried booting of a boot CD (bart) but this just
> > bluescreens the PC. I think that may be because it doesn't like sata
> > disks?
> > Can anyone recommend how I can delete this bl**dy file?
>
> > -H- Hide quoted text -
>
> - Show quoted text -

Have you tried unlocker?

From: "Gerry" <(E-Mail Removed)>


| Huwy

| Something like Malwarebytes might be worth a try.

| Malwarebytes' Anti-Malware
| 1.37 -freeware (if you upgrade you pay).
| http://www.download.com/Malwarebytes...-10804572.html

| Run Malwarebytes' and turn off your current anti-virus
| before you do to avoid a conflict. Disregard the invitation on the web
| site regarding the Registry Optimiser -a Registry Optimiser is not a
| helpful utility.

| --


It is malware and MBAM is at v1.38.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David

I will update the version im my next post. Thanks for pointing this out.


--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


David H. Lipman wrote:
> From: "Gerry" <(E-Mail Removed)>
>
>
>> Huwy
>
>> Something like Malwarebytes might be worth a try.
>
>> Malwarebytes' Anti-Malware
>> 1.37 -freeware (if you upgrade you pay).
>> http://www.download.com/Malwarebytes...-10804572.html
>
>> Run Malwarebytes' and turn off your current anti-virus
>> before you do to avoid a conflict. Disregard the invitation on the
>> web site regarding the Registry Optimiser -a Registry Optimiser is
>> not a helpful utility.
>
>> --
>
>
> It is malware and MBAM is at v1.38.

Thanks guys. I'll try malwarebytes.



"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:(E-Mail Removed)...
> From: "Gerry" <(E-Mail Removed)>
>
>
> | Huwy
>
> | Something like Malwarebytes might be worth a try.
>
> | Malwarebytes' Anti-Malware
> | 1.37 -freeware (if you upgrade you pay).
> |
> http://www.download.com/Malwarebytes...-10804572.html
>
> | Run Malwarebytes' and turn off your current anti-virus
> | before you do to avoid a conflict. Disregard the invitation on the web
> | site regarding the Registry Optimiser -a Registry Optimiser is not a
> | helpful utility.
>
> | --
>
>
> It is malware and MBAM is at v1.38.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

Huwy

We'll be sitting on the edge of our seats waiting on your further report
<G>.

--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Huwy wrote:
> Thanks guys. I'll try malwarebytes.
>
>
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:(E-Mail Removed)...
>> From: "Gerry" <(E-Mail Removed)>
>>
>>
>>> Huwy
>>
>>> Something like Malwarebytes might be worth a try.
>>
>>> Malwarebytes' Anti-Malware
>>> 1.37 -freeware (if you upgrade you pay).
>>>
>> http://www.download.com/Malwarebytes...-10804572.html
>>
>>> Run Malwarebytes' and turn off your current anti-virus
>>> before you do to avoid a conflict. Disregard the invitation on the
>>> web site regarding the Registry Optimiser -a Registry Optimiser is
>>> not a helpful utility.
>>
>>> --
>>
>>
>> It is malware and MBAM is at v1.38.
>>
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Unlocker *rocks*.

On Mon, 22 Jun 2009 03:28:18 -0700 (PDT), Roy <(E-Mail Removed)>
wrote:

>On Jun 22, 5:46*pm, "Gerry" <ge...@nospam.com> wrote:
>> Huwy
>>
>> Something like Malwarebytes might be worth a try.
>>
>> Malwarebytes' Anti-Malware
>> 1.37 -freeware (if you upgrade you pay).http://www.download.com/Malwarebytes...8022_4-1080457...
>>
>> Run Malwarebytes' and turn off your current anti-virus
>> before you do to avoid a conflict. Disregard the invitation on the web
>> site regarding the Registry Optimiser -a Registry Optimiser is not a
>> helpful utility.
>>
>> --
>>
>> Hope *this helps.
>>
>> Gerry
>> *~~~~
>> FCA
>> Stourport, England
>> Enquire, plan and execute
>> ~~~~~~~~~~~~~~~~~~~
>>
>>
>>
>> Huwy wrote:
>> > Hi,
>>
>> > I've a problem on my windows xp PC where there is a file
>> > (c:\windows\system32\twex.exe) that just won't be deleted. I have
>> > tried various:-
>> > - I suspect it's malware as it's loaded at startup - I've tried to use
>> > hijackthis to remove the startup link but it keeps returning at
>> > reboot. - Anti-virus won't scan it - reports permissions denied.
>> > - I can't take ownership of the file (despite being an administrator)
>> > - I've tried booting in safe mode - still can't remove it.
>> > - I've also tried booting of a boot CD (bart) but this just
>> > bluescreens the PC. I think that may be because it doesn't like sata
>> > disks?
>> > Can anyone recommend how I can delete this bl**dy file?
>>
>> > -H- Hide quoted text -
>>
>> - Show quoted text -
>
>Have you tried unlocker?

Huwy wrote:
> Hi,
>
> I've a problem on my windows xp PC where there is a file
> (c:\windows\system32\twex.exe) that just won't be deleted. I have
> tried various:-
> - I suspect it's malware as it's loaded at startup - I've tried to use
> hijackthis to remove the startup link but it keeps returning at
> reboot. - Anti-virus won't scan it - reports permissions denied.
> - I can't take ownership of the file (despite being an administrator)
> - I've tried booting in safe mode - still can't remove it.
> - I've also tried booting of a boot CD (bart) but this just
> bluescreens the PC. I think that may be because it doesn't like sata
> disks?
> Can anyone recommend how I can delete this bl**dy file?
>

This is a double-nasty:

"Threat characteristics of ZBot - a banking trojan that disables firewall,
steals sensitive financial data (credit card numbers, online banking login
details), makes screen snapshots, downloads additional components, and
provides a hacker with the remote access to the compromised system.

"Creates a startup registry entry."

Also it rootkits your system and enrolls you in the American Nazi Party.

See:
http://www.threatexpert.com/report.a...d4b1f6903dafaf

Huwy wrote:
> Hi,
>
> I've a problem on my windows xp PC where there is a file
> (c:\windows\system32\twex.exe) that just won't be deleted. I have tried
> various:-
> - I suspect it's malware as it's loaded at startup - I've tried to use
> hijackthis to remove the startup link but it keeps returning at reboot.
> - Anti-virus won't scan it - reports permissions denied.
> - I can't take ownership of the file (despite being an administrator)
> - I've tried booting in safe mode - still can't remove it.
> - I've also tried booting of a boot CD (bart) but this just bluescreens the
> PC. I think that may be because it doesn't like sata disks?
>
> Can anyone recommend how I can delete this bl**dy file?

If Malwarebytes doesn't work, try this:

Burn BitDefender Rescue to a CD (using a working machine) and test the
infected machine with it:

http://www.techmixer.com/free-bootab...download-list/

Then run Malwarebytes again.

--
Joe =o)