Is it a virus corrputing my files or something else?

  • Thread starter Thread starter CJSnet
  • Start date Start date
C

CJSnet

Hi, I have the following error when I try to delete corrupted .exe files,
and it seems every week I discover more corrupt files popping up:

Cannot delete <filename>: Access is denied.
Make sure the disk is not full or write-protected and that the file is not
currently in use.

And when I try to open them:
Windows cannot access the specified device, path or file. You may not have
the appropriate permissions to access the item.

When I go to Properties, what used to be normal WinXP exe files now have the
Properties for an MS-DOS program! There isn't even a security tab.

They used to have application icons, but since corrupting, they only have
the 'MS-DOS window' icon.

*Please note, this is NOT due to permissions or security - I'm a full
administrator and the files aren't locked.*

I've run a full disk check with CHKDSK with bad sector scan, twice, but it
didn't make the files deletable. I also can't delete them from safe mode.

Is there a better disk check program that will?

Any idea what caused this? Hard drive, virus, Windows?

Thanks in advance.
 
how do you know they are corrupted? do you have an up to date virus
scanner?
 
Go to McAfee (http://www.mcafee.com/myapps/mfs/default.asp) and/or Trend
(http://housecall.antivirus.com ) and perform an online scan of your platform.

Please report back your results.

Dave




| Hi, I have the following error when I try to delete corrupted .exe files,
| and it seems every week I discover more corrupt files popping up:
|
| Cannot delete <filename>: Access is denied.
| Make sure the disk is not full or write-protected and that the file is not
| currently in use.
|
| And when I try to open them:
| Windows cannot access the specified device, path or file. You may not have
| the appropriate permissions to access the item.
|
| When I go to Properties, what used to be normal WinXP exe files now have the
| Properties for an MS-DOS program! There isn't even a security tab.
|
| They used to have application icons, but since corrupting, they only have
| the 'MS-DOS window' icon.
|
| *Please note, this is NOT due to permissions or security - I'm a full
| administrator and the files aren't locked.*
|
| I've run a full disk check with CHKDSK with bad sector scan, twice, but it
| didn't make the files deletable. I also can't delete them from safe mode.
|
| Is there a better disk check program that will?
|
| Any idea what caused this? Hard drive, virus, Windows?
|
| Thanks in advance.
| --
| CJSnet
|
| (Remove TEETH to reply by e-mail.)
|
|
|
 
Hi David, I thought my post made it pretty clear why they are corrupted.

Yes, I have up-to-date McAfee.
 
I already have VirusScan installed, with the latest updates daily, and no
virus is found. That is the strange thing - it doesn't appear to be a
Trojan or anything (I have their Personal Firewall too). But yet still I
discover more corrupted files every few days, that definitely weren't
corrupt hours earlier. It's like my hard drive is slowly eating itself.
 
just because windows reports you don't have permission to delete
something(even if you are administrator) or its icon or file properties have
changed doesn't mean it is corrupt. where do these 'corrupt' files show up?
and why are you trying to delete them? how do you know they weren't corrupt
in the first place? an example may help... where did the file come from,
what did it do when it was working properly, and exactly what does it do
when you think its corrupted? i have never seen corrupted exe files in xp,
of course i usually don't go around trying to delete exe files either so
maybe that is why. is your disk formatted for ntfs or fat? have you
disabled simple file sharing? where do these files show up?
 
Hi, thanks for your help. I'll try to answer your questions if that will
help you narrow down the cause:

David Robbins said:
just because windows reports you don't have permission to delete
something(even if you are administrator) or its icon or file properties have
changed doesn't mean it is corrupt. where do these 'corrupt' files show
up?

I had 5 in \program files\setup files which is where i store executables and
zips containing full shareware programs.

I had 3 jpegs do the same thing in my pictures folder.

I had 2 system files in \windows\system32 do this and need re-registering,
etc.
and why are you trying to delete them?

Because they are corrupt. Initially I discovered because they wouldn't run
when I tried to launch them (giving the error I described earlier). For the
images, I noticed because in thumnail view of 50 images, 3 suddenly showed
no thumbnail and gave the error I described earlier.

It's random files in random folders, all suddenly becoming un-openable.
how do you know they weren't corrupt
in the first place?

Because I had run them before to install the shareware.
For the pictures, they'd been viewed before and always showed thumbnails.
For the system files, the program associated worked fine one day, then the
next wouldn't open.
an example may help... where did the file come from,
what did it do when it was working properly, and exactly what does it do
when you think its corrupted?

I have described that in my first post, please take a look.
i have never seen corrupted exe files in xp,
of course i usually don't go around trying to delete exe files either so
maybe that is why.

You've never deleted a compressed setup executable? Perhaps I should have
explained that, but my first post was getting a bit long.
is your disk formatted for ntfs or fat?
NTFS.

have you
disabled simple file sharing?

No, everything else works fine. I have also seen other posts on Google
Groups from people with the same error message, but no matter how long the
thread, rarely is there a solution. This does seem to be happening to
people, but nobody knows why.

Thanks in advance to you or anyone who can resolve this!
--
CJSnet

(Remove TEETH to reply by e-mail.)


where do these files show up?
 
ok, with ntfs volumes you may want to turn off simple file sharing. this
would let you have more detailed control over access to the files. when one
becomes undeletable you could check who has ownership and be able to take
ownership if it has changed. that may also give you a clue about what
process is changing it.

you may also want to enable auditing of file access then wait till something
happens and see what did it.
 
Hi David

I fixed it! Thanks for pointing me in the right direction. I checked
ownership and the files had no owner. I added me as an owner, and I could
then delete them.

The only question remaining is why did they lose their ownership, apparently
randomly... :-S
 
Right click on the File(s) --> Security --> Acvanced --> Auditing --> Add -->
Select User or Group (probably everyone)
Choose properties for; Successful and/or failed

Information based upon choices will be logged.

Dave



| I'm not familiar how to do that. Brief directions appreciated :)
| --
| CJSnet
|
| (Remove TEETH to reply by e-mail.)
|
| | > that is what auditing access to them should tell you.
| >
| > | > > Hi David
| > >
| > > I fixed it! Thanks for pointing me in the right direction. I checked
| > > ownership and the files had no owner. I added me as an owner, and I
| could
| > > then delete them.
| > >
| > > The only question remaining is why did they lose their ownership,
| > apparently
| > > randomly... :-S
| > > --
| > > CJSnet
| > >
| > > (Remove TEETH to reply by e-mail.)
| > >
| > >
| > > | > > > ok, with ntfs volumes you may want to turn off simple file sharing.
| > this
| > > > would let you have more detailed control over access to the files.
| when
| > > one
| > > > becomes undeletable you could check who has ownership and be able to
| > take
| > > > ownership if it has changed. that may also give you a clue about what
| > > > process is changing it.
| > > >
| > > > you may also want to enable auditing of file access then wait till
| > > something
| > > > happens and see what did it.
| > > >
| > > >
| > > > | > > > > Hi, thanks for your help. I'll try to answer your questions if that
| > > will
| > > > > help you narrow down the cause:
| > > > >
| > > > > | > > > > > just because windows reports you don't have permission to delete
| > > > > > something(even if you are administrator) or its icon or file
| > > properties
| > > > > have
| > > > > > changed doesn't mean it is corrupt. where do these 'corrupt'
| files
| > > show
| > > > > up?
| > > > >
| > > > > I had 5 in \program files\setup files which is where i store
| > executables
| > > > and
| > > > > zips containing full shareware programs.
| > > > >
| > > > > I had 3 jpegs do the same thing in my pictures folder.
| > > > >
| > > > > I had 2 system files in \windows\system32 do this and need
| > > re-registering,
| > > > > etc.
| > > > >
| > > > > > and why are you trying to delete them?
| > > > >
| > > > > Because they are corrupt. Initially I discovered because they
| > wouldn't
| > > > run
| > > > > when I tried to launch them (giving the error I described earlier).
| > For
| > > > the
| > > > > images, I noticed because in thumnail view of 50 images, 3 suddenly
| > > showed
| > > > > no thumbnail and gave the error I described earlier.
| > > > >
| > > > > It's random files in random folders, all suddenly becoming
| > un-openable.
| > > > >
| > > > > > how do you know they weren't corrupt
| > > > > > in the first place?
| > > > >
| > > > > Because I had run them before to install the shareware.
| > > > > For the pictures, they'd been viewed before and always showed
| > > thumbnails.
| > > > > For the system files, the program associated worked fine one day,
| then
| > > the
| > > > > next wouldn't open.
| > > > >
| > > > > > an example may help... where did the file come from,
| > > > > > what did it do when it was working properly, and exactly what does
| > it
| > > do
| > > > > > when you think its corrupted?
| > > > >
| > > > > I have described that in my first post, please take a look.
| > > > >
| > > > > > i have never seen corrupted exe files in xp,
| > > > > > of course i usually don't go around trying to delete exe files
| > either
| > > so
| > > > > > maybe that is why.
| > > > >
| > > > > You've never deleted a compressed setup executable? Perhaps I
| should
| > > have
| > > > > explained that, but my first post was getting a bit long.
| > > > >
| > > > > > is your disk formatted for ntfs or fat?
| > > > >
| > > > > NTFS.
| > > > >
| > > > > > have you
| > > > > > disabled simple file sharing?
| > > > >
| > > > > No, everything else works fine. I have also seen other posts on
| > Google
| > > > > Groups from people with the same error message, but no matter how
| long
| > > the
| > > > > thread, rarely is there a solution. This does seem to be happening
| to
| > > > > people, but nobody knows why.
| > > > >
| > > > > Thanks in advance to you or anyone who can resolve this!
| > > > > --
| > > > > CJSnet
| > > > >
| > > > > (Remove TEETH to reply by e-mail.)
| > > > >
| > > > >
| > > > > where do these files show up?
| > > > > >
| > > > > >
| > > > > >
| > > > > > | > > > > > > I already have VirusScan installed, with the latest updates
| daily,
| > > and
| > > > > no
| > > > > > > virus is found. That is the strange thing - it doesn't appear
| to
| > be
| > > a
| > > > > > > Trojan or anything (I have their Personal Firewall too). But
| yet
| > > > still
| > > > > I
| > > > > > > discover more corrupted files every few days, that definitely
| > > weren't
| > > > > > > corrupt hours earlier. It's like my hard drive is slowly eating
| > > > itself.
| > > > > > > --
| > > > > > > CJSnet
| > > > > > >
| > > > > > > (Remove TEETH to reply by e-mail.)
| > > > > > >
| > > > > > > | > > > > > > > Go to McAfee (http://www.mcafee.com/myapps/mfs/default.asp)
| > and/or
| > > > > Trend
| > > > > > > > (http://housecall.antivirus.com ) and perform an online scan
| of
| > > your
| > > > > > > platform.
| > > > > > > >
| > > > > > > > Please report back your results.
| > > > > > > >
| > > > > > > > Dave
| > > > > > > >
| > > > > > > >
| > > > > > > >
| > > > > > > >
| > > > > > > > | > > > > > > > | Hi, I have the following error when I try to delete
| corrupted
| > > .exe
| > > > > > > files,
| > > > > > > > | and it seems every week I discover more corrupt files
| popping
| > > up:
| > > > > > > > |
| > > > > > > > | Cannot delete <filename>: Access is denied.
| > > > > > > > | Make sure the disk is not full or write-protected and that
| the
| > > > file
| > > > > is
| > > > > > > not
| > > > > > > > | currently in use.
| > > > > > > > |
| > > > > > > > | And when I try to open them:
| > > > > > > > | Windows cannot access the specified device, path or file.
| You
| > > may
| > > > > not
| > > > > > > have
| > > > > > > > | the appropriate permissions to access the item.
| > > > > > > > |
| > > > > > > > | When I go to Properties, what used to be normal WinXP exe
| > files
| > > > now
| > > > > > have
| > > > > > > the
| > > > > > > > | Properties for an MS-DOS program! There isn't even a
| security
| > > > tab.
| > > > > > > > |
| > > > > > > > | They used to have application icons, but since corrupting,
| > they
| > > > only
| > > > > > > have
| > > > > > > > | the 'MS-DOS window' icon.
| > > > > > > > |
| > > > > > > > | *Please note, this is NOT due to permissions or security -
| I'm
| > a
| > > > > full
| > > > > > > > | administrator and the files aren't locked.*
| > > > > > > > |
| > > > > > > > | I've run a full disk check with CHKDSK with bad sector scan,
| > > > twice,
| > > > > > but
| > > > > > > it
| > > > > > > > | didn't make the files deletable. I also can't delete them
| > from
| > > > safe
| > > > > > > mode.
| > > > > > > > |
| > > > > > > > | Is there a better disk check program that will?
| > > > > > > > |
| > > > > > > > | Any idea what caused this? Hard drive, virus, Windows?
| > > > > > > > |
| > > > > > > > | Thanks in advance.
| > > > > > > > | --
| > > > > > > > | CJSnet
| > > > > > > > |
| > > > > > > > | (Remove TEETH to reply by e-mail.)
| > > > > > > > |
| > > > > > > > |
| > > > > > > > |
| > > > > > > >
| > > > > > > >
| > > > > > >
| > > > > > >
| > > > > >
| > > > > >
| > > > >
| > > > >
| > > >
| > > >
| > >
| > >
| >
| >
|
|
 
well, its not the simplest thing to do... start with the administrative
tools in the control panel... hopefully you have a selection there for
'local security policy'... if not there is a way to add it, bring up the
help and search for 'audit' (which is a good thing to do to get details of
this procedure anyway). under the local security settings select local
policies, then audit policy. right click on the 'audit object access' and
select properties, then check both success and failure since it could be
some kind of failure that causes your problem. some of the other audits may
be interesting also, maybe process tracking would show you something
starting that shouldn't be just before a file is corrupted. (by the way,
after you take ownership of one of those corrupted files try running it,
maybe the ownership problem was preventing you from running it).

now that you have enabled auditing the next step is to define what files and
folders to audit. you can do that with the security tab, click the advanced
button, then select the auditing tab. add an entry for 'everyone' and
select 'full access' i think will give you the most complete audit trail.
you probably want to pick a few folders where you have seen this problem
before, i'm afraid if you audit everything for everyone it may slow down
your system, and the log will grow too fast, but try it and see how much it
slows you down.

audit entries can be viewed with the event viewer under the security
selection. you might also want to check the application log and system log
to see if there are already any events in them that might help locate the
problem.
 
Thanks for everything. Will try that, but for now it's all fixed. :)
Happy Christmas.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top