|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
|
Thread Tools | Display Modes |
|
#1
February 23rd 09, 01:06 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
Can't delete kqbmsupb.dat from my temp directory
I have a file named "kqbmsupb.dat" in my temp directory that I am unable to
delete. It doesn't appear to be locked by any program but I keep getting an Access Denied error. When I open the properties on the file there is no Security tab. I am an admin on the machine which is running Windows XP SP3 and is part of a domain. Here are some of the things I tried to delete the file and they all failed. 1) Signed in as Administrator 2) Tried Safe Mode 3) Used Unlocker 4) Used recovery console 5) Used Sysinternals Process Explorer but file does not show up 6) Used Sysinternals Handle but file does not show up 7) Tried to quarentine it with my AV software 8) Tried to delete it with Anti-malware software Any suggestions would be welcome. Dave 
|
| Ads |
|
#2
February 23rd 09, 01:16 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
From: "DaveF"
| I have a file named "kqbmsupb.dat" in my temp directory that I am unable to | delete. It doesn't appear to be locked by any program but I keep getting an | Access Denied error. When I open the properties on the file there is no | Security tab. I am an admin on the machine which is running Windows XP SP3 | and is part of a domain. | Here are some of the things I tried to delete the file and they all failed. | 1) Signed in as Administrator | 2) Tried Safe Mode | 3) Used Unlocker | 4) Used recovery console | 5) Used Sysinternals Process Explorer but file does not show up | 6) Used Sysinternals Handle but file does not show up | 7) Tried to quarentine it with my AV software | 8) Tried to delete it with Anti-malware software | Any suggestions would be welcome. | Dave Use Process Explorer to find what process is keeping that file handle held open. http://technet.microsoft.com/en-us/s.../bb896653.aspx -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
#3
February 23rd 09, 01:48 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
"David H. Lipman" wrote in message ... From: "DaveF" | I have a file named "kqbmsupb.dat" in my temp directory that I am unable to | delete. It doesn't appear to be locked by any program but I keep getting an | Access Denied error. When I open the properties on the file there is no | Security tab. I am an admin on the machine which is running Windows XP SP3 | and is part of a domain. | Here are some of the things I tried to delete the file and they all failed. | 1) Signed in as Administrator | 2) Tried Safe Mode | 3) Used Unlocker | 4) Used recovery console | 5) Used Sysinternals Process Explorer but file does not show up | 6) Used Sysinternals Handle but file does not show up | 7) Tried to quarentine it with my AV software | 8) Tried to delete it with Anti-malware software | Any suggestions would be welcome. | Dave Use Process Explorer to find what process is keeping that file handle held open. http://technet.microsoft.com/en-us/s.../bb896653.aspx -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp #5 on my list.
|
|
#4
February 23rd 09, 02:00 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
From: "DaveF"
| #5 on my list. Sorry... Have you tried "find" (find handle or DLL) from the pulldown menu ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
#5
February 23rd 09, 02:12 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
"David H. Lipman" wrote in message ... From: "DaveF" | #5 on my list. Sorry... Have you tried "find" (find handle or DLL) from the pulldown menu ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Yes sir! That is what leads to state that there is no lock on the file. It appears to simply be a permission issue but I can't find a way to change the permissions.
|
|
#6
February 23rd 09, 02:17 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
DaveF wrote:
I have a file named "kqbmsupb.dat" in my temp directory that I am unable to delete. It doesn't appear to be locked by any program but I keep getting an Access Denied error. When I open the properties on the file there is no Security tab. I am an admin on the machine which is running Windows XP SP3 and is part of a domain. Here are some of the things I tried to delete the file and they all failed. 1) Signed in as Administrator 2) Tried Safe Mode 3) Used Unlocker 4) Used recovery console 5) Used Sysinternals Process Explorer but file does not show up 6) Used Sysinternals Handle but file does not show up 7) Tried to quarentine it with my AV software 8) Tried to delete it with Anti-malware software Any suggestions would be welcome. Dave Have you tried taking ownership of the file? If Home version, you need Safe Mode to do so. Then you should be able to control it. You didn't mention TaskManager or msconfig? HTH Twayne
|
|
#7
February 23rd 09, 02:28 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
From: "DaveF"
| Yes sir! That is what leads to state that there is no lock on the file. It | appears to simply be a permission issue but I can't find a way to change the | permissions. Hmmm... Could be a RootKit. Did you search the Registry for; kqbmsupb.dat ? Go to Device Manager. Go to View -- show hidden devices. Look for anything called TDSSxxx and/or loading a file such as TDSsxxx.sys -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
#8
February 23rd 09, 02:43 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
From: "DaveF"
| Yes sir! That is what leads to state that there is no lock on the file. It | appears to simply be a permission issue but I can't find a way to change the | permissions. When you get a chance, download Gmer. Close all applications and as many ruuning programs as possible and run a full scan as well as download and execute Catchme. http://www.gmer.net/index.php http://www.gmer.net/files.php -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
#9
February 23rd 09, 02:45 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
"David H. Lipman" wrote in message ... From: "DaveF" | Yes sir! That is what leads to state that there is no lock on the file. It | appears to simply be a permission issue but I can't find a way to change the | permissions. Hmmm... Could be a RootKit. Did you search the Registry for; kqbmsupb.dat ? Go to Device Manager. Go to View -- show hidden devices. Look for anything called TDSSxxx and/or loading a file such as TDSsxxx.sys -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp The anti-malware software did identify it as a rootkit and claimed it needed a reboot to remove it but the file is still there after rebooting.
|
|
#10
February 23rd 09, 02:51 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
"Twayne" wrote in message
... DaveF wrote: I have a file named "kqbmsupb.dat" in my temp directory that I am unable to delete. It doesn't appear to be locked by any program but I keep getting an Access Denied error. When I open the properties on the file there is no Security tab. I am an admin on the machine which is running Windows XP SP3 and is part of a domain. Here are some of the things I tried to delete the file and they all failed. 1) Signed in as Administrator 2) Tried Safe Mode 3) Used Unlocker 4) Used recovery console 5) Used Sysinternals Process Explorer but file does not show up 6) Used Sysinternals Handle but file does not show up 7) Tried to quarentine it with my AV software 8) Tried to delete it with Anti-malware software Any suggestions would be welcome. Dave Have you tried taking ownership of the file? If Home version, you need Safe Mode to do so. Then you should be able to control it. You didn't mention TaskManager or msconfig? HTH Twayne It is the Pro version. Nothing out of the ordinary appears in either task manager or msconfig. There is no security tab in properties to change the permissions. Is there another way to take ownership?
|
|
#11
February 23rd 09, 02:52 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
From: "DaveF"
| The anti-malware software did identify it as a rootkit and claimed it needed | a reboot to remove it but the file is still there after rebooting. Bingo ! It is still there because it is protected. What anti malware software declared this and what was it identified as ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
#12
February 23rd 09, 03:02 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
"David H. Lipman" wrote in message ... From: "DaveF" | The anti-malware software did identify it as a rootkit and claimed it needed | a reboot to remove it but the file is still there after rebooting. Bingo ! It is still there because it is protected. What anti malware software declared this and what was it identified as ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Software was Malwarebytes and it was identified as "kqbmsupb.dat (Rootkit.Agent)"
|
|
#13
February 23rd 09, 03:06 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
From: "DaveF"
| Software was Malwarebytes and it was identified as "kqbmsupb.dat | (Rootkit.Agent)" Please use the Gmer utilities like I requested. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
#14
February 23rd 09, 03:52 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
"David H. Lipman" wrote in message ... From: "DaveF" | Software was Malwarebytes and it was identified as "kqbmsupb.dat | (Rootkit.Agent)" Please use the Gmer utilities like I requested. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Dave, I was able to delete the file with GMER. Thank you very much. Dave
|
|
#15
February 23rd 09, 11:21 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Can't delete kqbmsupb.dat from my temp directory
From: "DaveF"
| Dave, | I was able to delete the file with GMER. Thank you very much. | Dave YW :-) -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
