PCbanter


Guy Fletcher August 1st 11 08:37 PM

Help! Can't delete a file in Windows XP!
 
This should be so simple on the face of it, but aaaaargh!

In a nutshell, I have a virus that has corrupted the USERINIT registry
entry. Identified it ok. Just need to delete c:\program\abc\def.exe (I
got the name from regedit.)

1. I can't delete folder "abc" because it says it's "not empty". Fair
enough, I'll delete "def" first.
2. Uh huh. Says "def" isn't there.
3. I go into DOS (or rather the command prompt feature of WXP).
4. I do the ATTRIB command for -r -s -h, and it takes it without error
message..... BUT nothing's changed, at all!
5. Read on the internet that the TYPE command ignores whether files
are hidden/system, so I do that on def.exe.
6. YES! It lists gobbledegook (as expected with .exe data) so that
proves it DOES exist and is still there.

So - the question seems to be why the ATTRIB command had no
effect..... anybody have any suggestions?

Thanks
Guy



Elmo[_2_] August 1st 11 09:50 PM

On 8/1/2011 3:37 PM, Guy Fletcher wrote:
> This should be so simple on the face of it, but aaaaargh!
>
> In a nutshell, I have a virus that has corrupted the USERINIT registry
> entry. Identified it ok. Just need to delete c:\program\abc\def.exe (I
> got the name from regedit.)
>
> 1. I can't delete folder "abc" because it says it's "not empty". Fair
> enough, I'll delete "def" first.
> 2. Uh huh. Says "def" isn't there.
> 3. I go into DOS (or rather the command prompt feature of WXP).
> 4. I do the ATTRIB command for -r -s -h, and it takes it without error
> message..... BUT nothing's changed, at all!
> 5. Read on the internet that the TYPE command ignores whether files
> are hidden/system, so I do that on def.exe.
> 6. YES! It lists gobbledegook (as expected with .exe data) so that
> proves it DOES exist and is still there.
>
> So - the question seems to be why the ATTRIB command had no
> effect..... anybody have any suggestions?
>
> Thanks
> Guy


Linux, Knoppix, BartPE, or the XP Recovery Console should allow you to
delete the folders and files. Have you tried Malwarebytes?

http://www.malwarebytes.org


--

Joe =o)

VanguardLH[_2_] August 1st 11 10:06 PM

Guy Fletcher wrote:

> This should be so simple on the face of it, but aaaaargh!
>
> In a nutshell, I have a virus that has corrupted the USERINIT registry
> entry. Identified it ok. Just need to delete c:\program\abc\def.exe (I
> got the name from regedit.)
>
> 1. I can't delete folder "abc" because it says it's "not empty". Fair
> enough, I'll delete "def" first.
> 2. Uh huh. Says "def" isn't there.
> 3. I go into DOS (or rather the command prompt feature of WXP).
> 4. I do the ATTRIB command for -r -s -h, and it takes it without error
> message..... BUT nothing's changed, at all!
> 5. Read on the internet that the TYPE command ignores whether files
> are hidden/system, so I do that on def.exe.
> 6. YES! It lists gobbledegook (as expected with .exe data) so that
> proves it DOES exist and is still there.
>
> So - the question seems to be why the ATTRIB command had no
> effect..... anybody have any suggestions?
>
> Thanks
> Guy


When logged into Windows, have you tried the following?
- Load and leave loaded Task Manager.
- Kill all instances of explorer.exe (your desktop disappears).
- New - Task menu to run cmd.exe to load a console shell.
- Do a file/folder delete in the console window.
- Use New - Task menu to reload explorer.exe (your desktop reappears).

Alternatively, have you tried the following to delete the file/folder?
- Booting Windows into its Safe Mode?
- Into its Recovery Console mode?

Guy Fletcher August 2nd 11 04:54 PM

Thanks guys for your replies.

First, I did the stopping explorer thing. This was new to me. Got the
command screen, did the ATTRIB etc. but no change. However, it's a
useful thing to know for the future so thanks for that.

Then I looked into Recovery Console, again new to me. Couldn't get
very far, as it wouldn't let me access the "Program Files" directory.
The internet seems to back that up - i.e. you can only do things in
C:\WINDOWS (?) with that, so that was a non-starter.

Then I tried Malwarebytes. Had heard of it before, but I honestly have
so many of such programs (always found Superantispyware the best
myself, though not 100% ideal) that I was a bit sceptical. Anyway, I
tried it and it DID bring up the directory and invisible program, so
thanks for that recommendation! Will def. use it again.

I was ecstatic for a while, deleting them and restarting. My happiness
was short-lived, however, as the damn thing came back! In short, it
seems this registry item gets corrupted EVERY time I start up:-

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

It contains the userinit.exe (as it should) but appends it to the
infernal spyware program, always with the same name (though seemingly
random letters). I just don't know where it's being edited from. All I
know is that it all started when I upgraded from IE6 to IE8. I
downloaded IE8 from Microsoft's own site, so I don't know what to
think.

I'm thinking of going back to IE6 as the only solution!

Thanks again anyway.

Guy
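
An added example, not part of the original posts: a defender-side check of the Winlogon `Userinit` value described above, run against the text output of `reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit`. The sample outputs are constructed, the extra entry reuses the placeholder path from the first post, and the expected value assumes a default XP install in `C:\WINDOWS`.

```python
import ntpath
import re

# Stock Windows XP data for Winlogon\Userinit (the real value ends with a comma).
# Assumption: Windows is installed in C:\WINDOWS.
EXPECTED = r"c:\windows\system32\userinit.exe"

# Constructed samples of `reg query ... /v Userinit` text output. The second
# reuses the placeholder path from the first post (c:\program\abc\def.exe).
SAMPLE_CLEAN = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
"""
SAMPLE_TAMPERED = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,c:\program\abc\def.exe
"""


def parse_userinit(reg_output):
    """Return the raw Userinit data string from reg query text output."""
    for line in reg_output.splitlines():
        m = re.match(r"\s*Userinit\s+REG_(?:EXPAND_)?SZ\s+(.*\S)", line, re.I)
        if m:
            return m.group(1)
    raise ValueError("no Userinit string value in input")


def split_entries(data):
    """Split the comma-separated launch list into normalised, lowercased paths."""
    parts = (p.strip().strip('"') for p in data.split(","))
    return [ntpath.normpath(p).lower() for p in parts if p]


def audit_userinit(reg_output, expected=EXPECTED):
    """Return (expected_present, extras): extras are entries Winlogon would
    launch at logon in addition to the stock userinit.exe."""
    entries = split_entries(parse_userinit(reg_output))
    return expected in entries, [e for e in entries if e != expected]


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        present, extras = audit_userinit(sample)
        print(name, "userinit.exe present:", present, "unexpected:", extras)
```

Anything other than the exact stock path is reported, so a bare `userinit.exe` or a copy in another directory also shows up in `extras`.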

VanguardLH[_2_] August 2nd 11 06:29 PM

Guy Fletcher wrote:

> Thanks guys for your replies.
>
> First, I did the stopping explorer thing. This was new to me. Got the
> command screen, did the ATTRIB etc. but no change. However, it's a
> useful thing to know for the future so thanks for that.
>
> Then I looked into Recovery Console, again new to me. Couldn't get
> very far, as it wouldn't let me access the "Program Files" directory.
> The internet seems to back that up - i.e. you can only do things in
> C:\WINDOWS (?) with that, so that was a non-starter.
>
> Then I tried Malwarebytes. Had heard of it before, but I honestly have
> so many of such programs (always found Superantispyware the best
> myself, though not 100% ideal) that I was a bit sceptical. Anyway, I
> tried it and it DID bring up the directory and invisible program, so
> thanks for that recommendation! Will def. use it again.
>
> I was ecstatic for a while, deleting them and restarting. My happiness
> was short-lived, however, as the damn thing came back! In short, it
> seems this registry item gets corrupted EVERY time I start up:-
>
> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>
> It contains the userinit.exe (as it should) but appends it to the
> infernal spyware program, always with the same name (though seemingly
> random letters). I just don't know where it's being edited from. All I
> know is that it all started when I upgraded from IE6 to IE8. I
> downloaded IE8 from Microsoft's own site, so I don't know what to
> think.
>
> I'm thinking of going back to IE6 as the only solution!
>
> Thanks again anyway.
>
> Guy


Don't know what anti-virus program you use. Does it have a boot-time
scanner (to scan BEFORE the operating system loads along with any
drivers of which one could be the pest)? Alternatively you could use a
boot CD that has anti-malware to scan for the pest *without* your OS
being loaded.

Elmo[_2_] August 2nd 11 06:48 PM

On 8/2/2011 11:54 AM, Guy Fletcher wrote:
> Thanks guys for your replies.
>
> First, I did the stopping explorer thing. This was new to me. Got the
> command screen, did the ATTRIB etc. but no change. However, it's a
> useful thing to know for the future so thanks for that.
>
> Then I looked into Recovery Console, again new to me. Couldn't get
> very far, as it wouldn't let me access the "Program Files" directory.
> The internet seems to back that up - i.e. you can only do things in
> C:\WINDOWS (?) with that, so that was a non-starter.
>
> Then I tried Malwarebytes. Had heard of it before, but I honestly have
> so many of such programs (always found Superantispyware the best
> myself, though not 100% ideal) that I was a bit sceptical. Anyway, I
> tried it and it DID bring up the directory and invisible program, so
> thanks for that recommendation! Will def. use it again.
>
> I was ecstatic for a while, deleting them and restarting. My happiness
> was short-lived, however, as the damn thing came back! In short, it
> seems this registry item gets corrupted EVERY time I start up:-
>
> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>
> It contains the userinit.exe (as it should) but appends it to the
> infernal spyware program, always with the same name (though seemingly
> random letters). I just don't know where it's being edited from. All I
> know is that it all started when I upgraded from IE6 to IE8. I
> downloaded IE8 from Microsoft's own site, so I don't know what to
> think.
>
> I'm thinking of going back to IE6 as the only solution!
>
> Thanks again anyway.
>
> Guy



AVG now has an a/v Rescue CD that's free.. it should remove any rootkit
that is causing the changes. It runs in RAM so Windows processes can't
take control. AVG also has a free USB download that should work on
newer systems that can boot from a USB device. Get them here:

http://www.avg.com/us-en/avg-rescue-cd

--

Joe =o)

Tim Meddick[_3_] August 2nd 11 07:04 PM

Try installing this free utility:

"Unlocker"
http://www.brothersoft.com/download-...er-208761.html

....or go to the official developer's website :

http://unlocker.emptyloop.com/

....it automatically (& manually via a right-click file menu) detects when
a file operation fails due to programs having active open handles on the
object you are trying to rename / move / delete and allows you to either
close the offending program's open handles or terminate the program
entirely - and so release the object for your proffered file operation.

It also has the built-in ability to "Delete on reboot" as a last resort, a
function that other utilities offer on its own but is incorporated into
this useful (at least I find it so) program.

==

Cheers, Tim Meddick, Peckham, London. :-)




"Guy Fletcher" wrote in message
...
> This should be so simple on the face of it, but aaaaargh!
>
> In a nutshell, I have a virus that has corrupted the USERINIT registry
> entry. Identified it ok. Just need to delete c:\program\abc\def.exe (I
> got the name from regedit.)
>
> 1. I can't delete folder "abc" because it says it's "not empty". Fair
> enough, I'll delete "def" first.
> 2. Uh huh. Says "def" isn't there.
> 3. I go into DOS (or rather the command prompt feature of WXP).
> 4. I do the ATTRIB command for -r -s -h, and it takes it without error
> message..... BUT nothing's changed, at all!
> 5. Read on the internet that the TYPE command ignores whether files
> are hidden/system, so I do that on def.exe.
> 6. YES! It lists gobbledegook (as expected with .exe data) so that
> proves it DOES exist and is still there.
>
> So - the question seems to be why the ATTRIB command had no
> effect..... anybody have any suggestions?
>
> Thanks
> Guy




Unk August 3rd 11 06:00 AM

On Mon, 01 Aug 2011 19:37:04 GMT, (Guy Fletcher) wrote:

> This should be so simple on the face of it, but aaaaargh!
>
> In a nutshell, I have a virus that has corrupted the USERINIT registry
> entry. Identified it ok. Just need to delete c:\program\abc\def.exe (I
> got the name from regedit.)
>
> 1. I can't delete folder "abc" because it says it's "not empty". Fair
> enough, I'll delete "def" first.
> 2. Uh huh. Says "def" isn't there.
> 3. I go into DOS (or rather the command prompt feature of WXP).
> 4. I do the ATTRIB command for -r -s -h, and it takes it without error
> message..... BUT nothing's changed, at all!
> 5. Read on the internet that the TYPE command ignores whether files
> are hidden/system, so I do that on def.exe.
> 6. YES! It lists gobbledegook (as expected with .exe data) so that
> proves it DOES exist and is still there.
>
> So - the question seems to be why the ATTRIB command had no
> effect..... anybody have any suggestions?
>
> Thanks
> Guy


Download and burn Hiren's BootCD
http://www.hirensbootcd.org/download/

Boot to it and select "Mini Windows". Delete the folders from there.

Unk




All times are GMT +1.