Re: [PCWorks] Two malware files I cannot delete, tried everything

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: <pcworks@xxxxxxxxxxxxx>
  • Date: Fri, 2 Nov 2012 04:47:41 -0500

I must have been too.......because I went to that site and 
didn't see it!  That's the same as the cmd prompt command. 
Thanks.

But, it says this only works "within the system directories of 
the current Windows installation, removable media, the root 
directory of any hard disk partition, or the local installation 
sources."

The files are not in any "system directories" or "root 
directory".  But all I can do is try it.  I don't think it can 
recreate itself because it's not tied to anything else and it's 
not in the Registry (other than MRU areas).

I don't know if I mentioned it, but when I tried this from the 
cmd prompt in Windows, I got this: "The system cannot find the 
path specified."  Even when using the /F attribute.
-Clint

God Bless,
Clint Hamilton, Owner
www.OrpheusComputing.com
www.ComputersCustomBuilt.com
www.OrpheusComputing.com/most_reliable_cheapest_webhosting.html
www.OrpheusComputing.com/office/computer_accessories.html


----- Original Message ----- 
From: "Ben Moore"


Sorry Clint in a hurry this morning.  I think I got to access
denied and replied.  :-)  Looks like DOS it is. (And hope it
doesn't recreate itself.)
http://www.computerhope.com/delhlp.htm

Ben


-----Original Message-----


You must have missed this part of my post:

"I cannot open either file in Metapad/Notepad, just to see
what they may be.  I get "Access denied".  They also will not
delete with either "Unlocker" or "Move on Boot" (which can
be set to delete)!  When I try to delete them in the usual
manner, I get that typical: "Cannot delete [name].  Access
is denied.  Make sure the disk is not full or write protected"
or "not in use......" blah blah."

Yeah DOS, I know there's a delete command but I just
can't find it.
-Clint



----- Original Message ----- 
From: "Ben Moore"

Try a free program called Unlocker.
http://download.cnet.com/Unlocker/3000-2248_4-10493998.html
It has worked for me when all else failed.

Did you say DOS?  ;-)

Ben

-----Original Message-----


Hi all.  I have two files on my PC that I haven't been able to
delete, for days, no matter what I do.

One I'm certain it's malware, the other I'm not so sure.

The one that I'm certain it's malware, is at "C:\Documents and
Settings\[username]\etrgmkbywscwfa.exe", of course the file
name is that .exe file.  It's 27.8k in size.  It HAD a
"proprietary" icon, but after trying to delete it, it changed
to the generic XP blue/white 'application' icon.  There was
another similar file in that folder with the same kind of
'random generated name', that anti-malware identified AS
malware, but not this one.  (That's how I know it's malware
because it doesn't belong, it was created the same day, and had
the same kind of icon).

The other is at "C:\Documents and Settings\[username]\Local
Settings\temp\SKZMJS" and it has no file extension.  I have IE
Privacy Keeper set to delete all files in that folder, yet it
cannot touch that one file.  It's only been there about a week.
Because it's new, and because IEPK can't delete it, (and
because of this below) is why I know it's malware.

I cannot open either file in Metapad/Notepad, just to see what
they may be.  I get "Access denied".  They also will not delete
with either "Unlocker" or "Move on Boot" (which can be set to
delete)!  When I try to delete them in the usual manner, I get
that typical: "Cannot delete [name].  Access is denied.  Make
sure the disk is not full or write protected" or "not in
use......" blah blah.

Clicking that file with no extension, does nothing but open up
that "Open with" dialog, (and again, nothing can open it).
Clicking on the exe file, says it's not found!  "Windows cannot
access the specified device, path or file.  You may have not
have the appropriate permissions to access the file".

Right clicking them doesn't even give you the typical
properties dialog where you have a Permissions tab!  Other than
those cache/MRU areas, they are not even in the Registry, so I
can't change any permissions there!

I've also tried deleting them from the cmd prompt in XP,
nothing!

So how do I get rid of these?  I haven't tried DOS because I
hate it (and I have to go into my BIOS to get keyboard access
in DOS), but that may be the only way.  I can't even find the
DOS command for deleting a file now.

Thanks,
-Clint

