cannot delete folders in c:\

Guest

I have around 15 directories, directly under c:\, each 55 MB. Contents seem
related to SQL Server installation, but I suspect they are just subproducts
of previous malware infections.

I cannot delete them, even using pendmoves and movefiles, they don't appear
in any Process Explorer handle view, as far as I know.

According to KB927977 those files can be safely deleted. But, how?

Might I get some advice on that please?
 
Pegasus (MVP)

Santiago Torras said:
I have around 15 directories, directly under c:\, each 55 MB. Contents seem
related to SQL Server installation, but I suspect they are just subproducts
of previous malware infections.

I cannot delete them, even using pendmoves and movefiles, they don't appear
in any Process Explorer handle view, as far as I know.

According to KB927977 those files can be safely deleted. But, how?

Might I get some advice on that please?

- Can you give some directory names?
- Since you've used movefile.exe, I suppose you've tried
deleting the directories while in Safe Mode but I thought
I should ask regardless.
- Have you tried deleting them after booting the machine
with a Bart PE boot CD?
 
Guest

Thanks.
Here are some names:

2af9cfa05dd57230b0a8d5
3e4c009e226a3f8c25e750dcbf6be2
42035c482f55d6f117ae8c
43e5f174e05b5997f69e9845
471ef58536c5b508daef469aa1835524
4c918e0dbd0f7d46ecc52af6be
6b76c706ae7634843b98c7f5
766239a75f94a9b6a7155848c24d38
7e5a0984b488299a7655dd687f5de5
7f7256ce18a6dedb524d212487e4fe16
8312ad7bc0a4ed7611fb5b07
8e356b555bee827a40528f5a80b06b
8f7cac11ac3a6ac22eb03546b3cb0ae7

They are folders; inside there seem to be Windows updates, many of them related to
SQL Server 2005...
I suppose all of them can and should be deleted.


I don't know what a Bart PE boot CD is.
I haven't tried to delete them in Safe Mode. I will try.
 
Pegasus (MVP)

Santiago Torras said:
Thanks.
Here are some names:

They are folders; inside there seem to be Windows updates, many of them related to
SQL Server 2005...
I suppose all of them can and should be deleted.


I don't know what a Bart PE boot CD is.
I haven't tried to delete them in Safe Mode. I will try.

A Bart CD is a boot CD that allows you to boot into
a Windows XP look-alike environment. You can
download the tools to make one from www.bootdisk.com.
It is a very powerful tool for sysadmins but unfortunately
it takes a few hours to make one.
 
Guest

Thanks.
In Safe Mode I can delete neither the contents of the directories nor the
directories themselves. "Access denied" is the message.
So it looks like I will have to deal with the Bart CD.
Anyway, it is quite strange that these directories are so "well-protected"
that even Pendmoves is not successful in getting rid of them.
 
Jim Byrd

Hi Santiago - From my Blog, Defending Your Machine, addy below in my
Signature:


Sometimes the tools below will find files which they are unable to delete
because they are in use.

- A program called Locked Files Wizard (LFW), formerly CopyLock, here,
http://noeld.com/programs.asp?cat=misc
"is a simple assistant that allows you to either replace, move, delete or
rename one or more files or folders which are in use by the system or any
running process. Additionally, you can display and possibly stop the
processes or services that lock a file, and manage files flagged to be
processed by the system on next reboot (e.g. after an installation or an
uninstallation.) The Locked Files Wizard can also help to select some worms
and trojans from the Registry and to quickly remove them from the system."
Copylock2 (now Locked Files Wizard) does request a $12 registration fee in
order to activate some additional _new functions_ in the new version and/or
for installation on multiple computers or commercial usage. However, that
version is available for download at the link on that page without
registration and with full utility of the original capabilities of Copylock
after installation without registration. If you prefer, you can
alternatively download the older v. 1.09 version which involves no
registration at all (but, of course doesn't include the possibility of
upgrade to the paid version) here:
http://copylock.noel-danjou.qarchive.org/_download2.html

- Another is Killbox by Option Explicit, Beta version available here:
http://www.killbox.net/downloads/beta/KillBox.exe
Overview directions are available here:
http://www.killbox.net/help.html#Top
Read carefully - this tool is quite powerful. A Beta version is also
available.

- A third which is a bit different but often very useful is Delete Invalid
File, here:
http://www.purgeie.com/delinv.htm
which handles invalid/UNC file/folder name deleting, rather than the in use
problem. The situation with Delete Invalid Files is similar to that with
Copylock. The latest version adds additional capabilities which are aimed at
the commercial marketplace (but would be useful to an individual user also.)
However, all of the _original file removal functions_ are still freely
available in the download version without registration or payment.

From http://www.purgeie.com/delinv/index.htm:

"As the "Free" version of DelinvFile had become so popular and has been
referenced on many download sites, web forums and newsgroups as being
"Free", the current version does not require a fee to access the original
program functions. The commercial version of DelinvFile makes available
additional functions which require licensing (registration) for them to
work. The additional functions include "Open With..", Renaming Files,
Renaming Folders, and Deleting Files and Folders at Boot."

- A fourth useful program is Unlocker, here:
http://ccollomb.free.fr/unlocker/
"Simply right click the folder or file and select Unlocker. If the folder
or file is locked, a window listing of lockers will appear. Simply select
the lockers and click Unlock and you are done!" Works as advertised and is
particularly helpful in identifying malware components which are
'protecting' each other.

- A fifth is FileASSASSIN, here:
http://www.malwarebytes.org/fileassassin.php
"FileASSASSIN can delete locked malware files on your system. It uses
advanced techniques to unload modules, close remote handles, and terminate
processes to allow the removal of the file."



--
Regards, Jim Byrd,
My Blog, Defending Your Machine,
http://defendingyourmachine2.blogspot.com/



Santiago Torras typed:
|| I have around 15 directories, directly under c:\, each 55 MB.
|| Contents seems related to SQL Server installation, but I suspect
|| they are just subproducts of previous malware infections
||
|| I cannot delete them, even using pendmoves and movefiles, they don't
|| appear in any Process Explorer handle view, as far as I know.
||
|| According to KB927977 those files can be safely deleted. But, how?
||
|| Might I get some advice on that please?
||
||
|| --
|| thanks
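
The thread relies on pendmoves and movefile, which read and append to the `PendingFileRenameOperations` value that Windows processes at the next boot. The following is an added example, not part of any post in this thread: it decodes that queue and reports, for each hex-named folder directly under C:\, whether anything inside it is actually queued and who owns it. The function name, the 20-32 character hex pattern (fitted to the names posted above) and the output columns are assumptions of the example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell 3.0+ prompt.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

function Get-PendingFileOperation {
    # The value is a REG_MULTI_SZ of (source, destination) pairs.
    # An empty destination means "delete the source at next boot".
    $prop = Get-ItemProperty -LiteralPath $key -Name PendingFileRenameOperations `
                -ErrorAction SilentlyContinue
    if (-not $prop) { return }                      # nothing queued
    $raw = @($prop.PendingFileRenameOperations)
    for ($i = 0; $i -lt $raw.Count; $i += 2) {
        $src = $raw[$i] -replace '^\\\?\?\\', ''    # strip the \??\ prefix
        # A trailing empty destination can be dropped when the value is read.
        $dst = ''
        if ($i + 1 -lt $raw.Count) { $dst = $raw[$i + 1] -replace '^!?\\\?\?\\', '' }
        $action = 'Delete'
        if ($dst) { $action = 'Move' }
        [pscustomobject]@{ Source = $src; Action = $action; Target = $dst }
    }
}

$pending = @(Get-PendingFileOperation)

# Hex-named folders in the root of C:, matching the shape of the names in the thread.
Get-ChildItem -LiteralPath 'C:\' -Directory -Force |
    Where-Object { $_.Name -match '^[0-9a-f]{20,32}$' } |
    ForEach-Object {
        $dir = $_.FullName
        $queued = @($pending | Where-Object { $_.Source -like "$dir*" }).Count
        try {
            $owner = (Get-Acl -LiteralPath $dir -ErrorAction Stop).Owner
        } catch {
            $owner = 'unreadable: ' + $_.Exception.Message
        }
        [pscustomobject]@{
            Directory     = $dir
            Created       = $_.CreationTime
            QueuedEntries = $queued   # 0 means movefile never queued this folder
            Owner         = $owner
        }
    } | Format-Table -AutoSize
```

A folder that shows queued entries before a reboot and is still present afterwards was queued correctly but could not be removed at boot, which separates a queueing mistake from a deletion that the system refused.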
 
