can't get rid of file

Huwy

Hi,

I've a problem on my Windows XP PC where there is a file
(c:\windows\system32\twex.exe) that just won't be deleted. I have tried
various:-
- I suspect it's malware as it's loaded at startup - I've tried to use
HijackThis to remove the startup link but it keeps returning at reboot.
- Anti-virus won't scan it - reports permissions denied.
- I can't take ownership of the file (despite being an administrator)
- I've tried booting in safe mode - still can't remove it.
- I've also tried booting off a boot CD (bart) but this just bluescreens the
PC. I think that may be because it doesn't like SATA disks?

Can anyone recommend how I can delete this bl**dy file?

-H
 
Gerry

Huwy

Something like Malwarebytes might be worth a try.

Malwarebytes' Anti-Malware
1.37 - freeware (if you upgrade you pay).
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Run Malwarebytes' and turn off your current anti-virus
before you do to avoid a conflict. Disregard the invitation on the web
site regarding the Registry Optimiser - a Registry Optimiser is not a
helpful utility.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Roy

Have you tried unlocker?
 
David H. Lipman

From: "Gerry" <[email protected]>


| Huwy

| Something like Malwarebytes might be worth a try.

| Malwarebytes' Anti-Malware
| 1.37 - freeware (if you upgrade you pay).
| http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

| Run Malwarebytes' and turn off your current anti-virus
| before you do to avoid a conflict. Disregard the invitation on the web
| site regarding the Registry Optimiser - a Registry Optimiser is not a
| helpful utility.

| --


It is malware and MBAM is at v1.38.
 
Gerry

David

I will update the version in my next post. Thanks for pointing this out.


--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Gerry

Huwy

We'll be sitting on the edge of our seats waiting on your further report
<G>.

--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
HeyBub

Huwy said:
Hi,

I've a problem on my Windows XP PC where there is a file
(c:\windows\system32\twex.exe) that just won't be deleted. I have
tried various:-
- I suspect it's malware as it's loaded at startup - I've tried to use
HijackThis to remove the startup link but it keeps returning at
reboot.
- Anti-virus won't scan it - reports permissions denied.
- I can't take ownership of the file (despite being an administrator)
- I've tried booting in safe mode - still can't remove it.
- I've also tried booting off a boot CD (bart) but this just
bluescreens the PC. I think that may be because it doesn't like SATA
disks?
Can anyone recommend how I can delete this bl**dy file?

This is a double-nasty:

"Threat characteristics of ZBot - a banking trojan that disables firewall,
steals sensitive financial data (credit card numbers, online banking login
details), makes screen snapshots, downloads additional components, and
provides a hacker with the remote access to the compromised system.

"Creates a startup registry entry."

Also it rootkits your system and enrolls you in the American Nazi Party.

See:
http://www.threatexpert.com/report.aspx?md5=44f85099676ee1a4add4b1f6903dafaf
 
Elmo

Huwy said:
Hi,

I've a problem on my Windows XP PC where there is a file
(c:\windows\system32\twex.exe) that just won't be deleted. I have tried
various:-
- I suspect it's malware as it's loaded at startup - I've tried to use
HijackThis to remove the startup link but it keeps returning at reboot.
- Anti-virus won't scan it - reports permissions denied.
- I can't take ownership of the file (despite being an administrator)
- I've tried booting in safe mode - still can't remove it.
- I've also tried booting off a boot CD (bart) but this just bluescreens the
PC. I think that may be because it doesn't like SATA disks?

Can anyone recommend how I can delete this bl**dy file?

If Malwarebytes doesn't work, try this:

Burn BitDefender Rescue to a CD (using a working machine) and test the
infected machine with it:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Then run Malwarebytes again.
 
