Suspect File(s)

Guest

I have a suspect folder containing a folder that attracts a Trojan file every
time I boot up the PC, I have tried to delete the folder/file but when I try
I get an error message that states it cannot delete the file as it is either
full or write protected or in use. I cannot see any other file it may be in
use with but I guess that's what's happening. At the moment I run a virus
program that deletes the Trojan file when it's detected, but I would be
obliged if someone could tell me how to delete the folder/file.
Thanks
 
Malke

Boxer said:
I have a suspect folder containing a folder that attracts a Trojan file every
time I boot up the PC, I have tried to delete the folder/file but when I try
I get an error message that states it cannot delete the file as it is either
full or write protected or in use. I cannot see any other file it may be in
use with but I guess that's what's happening. At the moment I run a virus
program that deletes the Trojan file when it's detected, but I would be
obliged if someone could tell me how to delete the folder/file.
Thanks

Whatever antivirus program you are using isn't getting to the root of
the problem. You've got something that is guarded with another file and
is also probably respawning.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware
(formerly Ewido - http://www.ewido.net/en/) and follow instructions to
do all scans in Safe Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional computer
repair shop (not your local version of BigStoreUSA). Please be aware
that not all local shops are skilled at removing malware and even if
they are, your computer may be so infested that Windows will need to be
clean-installed. Have all your data backed up before you take the
machine into a shop.

Malke
 
Ayush

Replied to [Boxer]'s message:
I have a suspect folder containing a folder that attracts a Trojan file every
time I boot up the PC, I have tried to delete the folder/file but when I try
I get an error message that states it cannot delete the file as it is either
full or write protected or in use. I cannot see any other file it may be in
use with but I guess that's what's happening. At the moment I run a virus
program that deletes the Trojan file when it's detected, but I would be
obliged if someone could tell me how to delete the folder/file.
Thanks

Use Unlocker to delete the folder then run the steps suggested by Malke.
 
Elmo

Boxer said:
I have a suspect folder containing a folder that attracts a Trojan file every
time I boot up the PC, I have tried to delete the folder/file but when I try
I get an error message that states it cannot delete the file as it is either
full or write protected or in use. I cannot see any other file it may be in
use with but I guess that's what's happening. At the moment I run a virus
program that deletes the Trojan file when it's detected, but I would be
obliged if someone could tell me how to delete the folder/file.
Thanks

Set your a/v software to do a scan on bootup. That should wipe all
instances of the trojan before it can get control.
 
Guest

Hi, I thought I had a bit of PC savvy but you're right, this seems much more
difficult than I can deal with. I can find my way around the system quite
well and I thought I was well protected; my AV prog is provided by my ISP
(Orange), which I pay a monthly subscription for, but after downloading AVG it
found 223 infections. OK, most were tracking cookies, but 1 was a dialer! I
can't understand that I am unable to control the fate of one file and folder.
I have unhidden all files within the folder but it still shows just one that
gives the message previously explained. It's not too much of a problem as my
AV deletes the Trojan file as soon as it presents itself, but these things
have a way of getting you in the end. The thing is I live in France, the PC
is English and sometimes it seems the French are still trying to get to grips
with the Steam Engine, so any other help?
 
Malke

Boxer said:
Thanks but the AV program deletes the Trojan as soon as it presents itself

I'm sorry, but the only solutions are to either 1) go through the
malware removal steps at the link I already gave you, probably including
using HijackThis and posting to one of the HJT specialty forums; 2) take
the machine to a local professional skilled at malware removal; 3)
format the drive and clean-install Windows.

With malware that respawns (and most of the newer versions of malware
being written today), there are no "one-touch" answers.


Malke
 
Poprivet

Boxer said:
I have a suspect folder containing a folder that attracts a Trojan
file every time I boot up the PC, I have tried to delete the
folder/file but when I try I get an error message that states it
cannot delete the file as it is either full or write protected or in
use. I cannot see any other file it may be in use with but I guess
that's what's happening. At the moment I run a virus program that
deletes the Trojan file when it's detected, but I would be obliged if
someone could tell me how to delete the folder/file.
Thanks

Got a name for the virus? File names? Folder name?
 
Guest

Thank you very much for your help. I managed to delete the file/folder in
safe mode. I downloaded Spybot and found 5 other infections that AVG didn't
find. I will be much more careful where I go on this in future.
 
Rock

Thanks for your reply but I have managed to delete the file/folder.


You need to run through all the malware removal steps on the link provided
by Malke. Using just AVG and Spybot S&D is not enough. Your system could
still be compromised. Why do you want to take the easy way out?
 
Rock

Thanks for your reply. I thought I had followed the removal steps given by
Malke. I do have a current full AV program updated every day provided by my ISP.
I believe I was responsible for allowing the initial infection through a file
sharer. I ran 3 AV progs in safe mode and the majority of the infections
were tracking cookies though there were 2 dialers. I thought I was quite PC
savvy but I realise now that I don't come close. I hope I'm not taking the
easy route and have done what I can within my abilities. Without going to an
expert, something I don't have access to, I would need very detailed
instructions to go any further.

OK, you wrote that you had run AVG and Spybot. You didn't mention anything
about the other malware steps on Malke's site. Did you run Sysclean and/or
Multi_AV? Have you run HijackThis and posted the log to one of the
specialty forums?

Also there are specialty newsgroups for malware issues. Here is one of them:
microsoft.public.security.virus
 
Rock

I have run Multi AV & Sysclean, and it does seem like I do have more problems
than I first thought. Both of the programs above remove some of the
infections they find but some problems seem to exist in files they cannot gain
access to. The malware seems to have now re-spawned on my main hard drive
but also on an external hard drive I use for back-up. I wasn't sure about how
HijackThis worked but it now becomes clear, i.e. the log from Trend Micro, so
I'm about to have another go, but it is beginning to look as though the only
option is to re-install XP. The only problem with that is that this was
pre-installed by Dell so I only have a recovery disk and living in France.....


It may be best to do a clean install, but first I would suggest if you
haven't already, that you post to the virus newsgroup that I listed. And
run HijackThis and post the log for it to one of the specialty forums, not
this one. Good luck.

Forums to Interpret HijackThis Logs:

http://forums.spywareinfo.com/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/
 
