Cannot delete this file!

  • Thread starter: Alastair MacFarlane

Alastair MacFarlane

Dear All,

I have an irritating Adware exe file that is really causing me problems. I
have Ad-Aware SE that does not detect it, but my IE 7 browser is getting
hijacked by this executable in my: "C:\documents and settings\Fred\local
settings\application data\" folder.

The Ad-Aware says there is a process running (also in my start-up -
identified through MSCONFIG) that does not appear when I browse to the
directory (even when I view hidden files). The filename is "wpyxqi.exe" and
Ad-Aware SE says that it is an "Internet Explorer_Hidden" Class. I can
double click the entry in Ad-Aware SE for the process and it opens up the
traditional properties form for the exe file and advises me that it is 0k in
size.

How can I delete the file when I cannot see it, and every time IE7 starts up
again it changes the start-up section in my registry?

Thanks again.

Alastair MacFarlane

Cross-posted in microsoft.public.windowsxp.general &
microsoft.public.internetexplorer.general
 
The best way to get rid of it is just to reload the computer to an earlier
point before the adware got on, but there are a few ways you can try.
Try opening the Tools menu in the folder and then go to Folder Options > View,
show hidden and show system files. Hopefully you'll then be able to delete
it.
Otherwise you can try deleting it in command prompt: type cd.. a few times
till it gets back to c:/, then type cd documents and settings and cd (Folder
name) all the way until you get to the correct folder. Then if you use dir
a list will display and you can then use delete or remove to delete the file.
If it still loads on then it's built into the registry and you'll have to
find the program you're looking for in there and delete or use a registry
editor program.
 
matt said:
The best way to get rid of it is just to reload the computer to an
earlier point before the adware got on, but there are a few ways you can try.
Try opening the Tools menu in the folder and then go to Folder Options >
View, show hidden and show system files. Hopefully you'll then be able to
delete it.
Otherwise you can try deleting it in command prompt: type cd.. a few
times till it gets back to c:/, then type cd documents and settings and
cd (Folder name) all the way until you get to the correct folder. Then
if you use dir a list will display and you can then use delete or remove
to delete the file.
If it still loads on then it's built into the registry and you'll have to
find the program you're looking for in there and delete or use a registry
editor program.

That is absolutely ridiculous advice. It is apparent that you don't know
anything about removing malware. It's also terrible advice because if
the OP followed your suggestion to use a registry editor on an infected
machine there is a good possibility that his Windows installation would
become unbootable.

To the OP: You have a nasty malware infection, probably a Vundo trojan
and possibly one of the latest variants that installs a rootkit. I
strongly suggest you register and post a HijackThis log at one of the
following specialty forums (not here, please). You will get guided help
to remove the malware. I believe you will need the guided help because
this type of infection is very difficult to remove.

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement
and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html


Malke
 
That is absolutely ridiculous advice. It is apparent that you don't know
anything about removing malware. It's also terrible advice because if the
OP followed your suggestion to use a registry editor on an infected
machine there is a good possibility that his Windows installation would
become unbootable.

To the OP: You have a nasty malware infection, probably a Vundo trojan and
possibly one of the latest variants that installs a rootkit. I strongly
suggest you register and post a HijackThis log at one of the following
specialty forums (not here, please). You will get guided help to remove
the malware. I believe you will need the guided help because this type of
infection is very difficult to remove.

You're probably right, I've never had a root kit problem on my computer and
training ain't got that far yet, only up to the dst level. So yeah, you're right, don't
know anything about them. But can you still get past them by restoring
the computer to a time before it got on? And does that AVG root kit get rid
of them completely?
 
