[RESOLVED] Help me delete a file!!

  1. #1
    Join Date
    Jul 2002
    Location
    Sarasota FL
    Posts
    73

    Resolved [RESOLVED] Help me delete a file!!

    Hi there,

    I don't ask many questions here. But I have one today.
    I have this file in windows\system32 dir.
    It was left there by a computer virus.
    I have already been thru all the virus stuff, I just need to delete this file.
    This is what I have done so far. All say access denied. (file remains)

    Safe mode. no luck
    windows repair console same , access denied
    winternals boot disk ,, does not see Windows XP home directory. So no good.

    I have free dos (NTFSBOOT) disk,, I can drill to the file. no delete.

    knoppix doesn't see the hard disk in this laptop.

    The laptop runs fine, but Malwarebytes and spyware bytes report this file as an issue. I can say ignore to this file, and I see no lingering issue with it.

    There is no mention of it in the registry.

    HijackThis sees the file, checking it off does not get it.

    In all my years I have never been to a place where a file can't be deleted.
    I understand the concept that you may erase a file, but a virus puts it back. Something is locking this file.

    I tried several download.com file erasers. they work on the dll, but the end result is , it can't remove the file.
    Sorry I am making this a long story.
    Give me the magic bullet so I can erase this file.

    Thanks
    Bill

  2. #2
    Join Date
    Mar 2000
    Location
    Hyde Park, NY
    Posts
    2,047
    Biostar TA790GX A2+ 6.0
    AMD Phenom X4 9750 CPU.
    4 Gig DDR2 Memory.
    ATI HD 5450 PCIe Video
    500 Watt P.S.
    LG W2241T Widescreen 22" LCD
    ViewSonic VA721 17" LCD
    Envision 17" LCD
    2 LG DVD Drives
    Floppy Disk Drive
    Maxtor 120 Gig Windows 7 Home Premium 32 bit
    Gateway NV5378-U Windows 7 Home Premium 64 bit
    Acer Aspire V3-731 Windows 7 Home Premium 64 bit

  3. #3
    Join Date
    Sep 1999
    Location
    Clearwater, Fl.
    Posts
    22,607
    What is the name of the file?

    Odds are you'll find it running in Task Manager and can end task on it and then try to delete it.
    If you're happy and you know it......it's your meds.

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    If Super and Bytes are not able to delete that file, it means your computer is still infected.
    I suggest you go to our HJT section and post all logs there.

  5. #5
    Join Date
    Jul 2008
    Location
    Australia.
    Posts
    24
    Browse to the file via your command prompt, and just change the attrib permissions on the folder / file

    then delete the folder / file.

    Make sure system restore has been disabled 1st.

    then once deleted re-enable system restore.

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    ...
    If Super and Bytes are not able to delete that file, it means your computer is still infected.
    I suggest you go to our HJT section and post all logs there.

  7. #7
    Join Date
    Jul 2002
    Location
    Sarasota FL
    Posts
    73

    Fixed

    Thanks so much for the replies.
    I had tried these things mentioned here.
    The HijackThis was the closest to the fix.
    But for whatever reason, even after reboot the file was still there.
    File attrib on this file just showed A
    I did try to add -h to the file (attrib -h)
    but it came back and said access denied.

    The file name is (was)
    C:\windows\system32\upsfeqf.dll

    clearly the trigger file (on this laptop) for Trojan.Vundo.H

    I didn't want to do it, but I took the drive out of the laptop, 2nd hard disk on my PC.
    Drilled down to the file and was able to delete it.
    Drive back in laptop, now nothing found with Malwarebytes and SUPERAntiSpyware.

    Reminds me of the 'old days' when you would hack the fat table to get rid of a stubborn file.

    Again,,, thanks,
    Bill

  8. #8
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    317
    It's actually quite simple, but please follow these instructions precisely.

    First you download a program called "Pocket Killbox".

    Next, do the following:

    • Go into My Computer

    • Click on Tools

    • Click on Folder Options

    • Click on the View tab

    • Check "Show hidden files and folders"

    • Uncheck "Hide protected operating system files (recommended)"

    • Click Yes to confirm

    • Uncheck "Hide extensions for known file types"

    • Click ok



    Next, open Pocket Killbox.

    • To the right of the blank box there's a folder icon. Click it.

    • Browse to the file you want to delete and select it.

    • Check "end Explorer shell while killing file"

    • Check "unregister .dll before deleting"

    • Click the Red X


    It should delete it. If not, then rather than Standard File kill, check "Delete on Reboot".

    If you have a malware program monitoring registry entries, such as spybot, this may not work. Get rid of Spybot anyways, it's useless. Otherwise halt the protection temporarily or perform this action in Safe Mode.
    Last edited by SirKenin; July 1st, 2009 at 02:22 PM.
    Bash him into the ground, make jokes and call him names while he's alive...Revere him when he dies. Pathetic.
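
The thread never establishes what was holding the file. The following read-only PowerShell triage is an added example, not part of any post above; the function names are hypothetical and the path is the one Bill reported. It lists the processes that have the DLL loaded, the file's attributes and deny ACL entries, and whether a delete-on-reboot request is already queued in the `PendingFileRenameOperations` value where Windows records such requests.

```powershell
# Added example (not from the thread): read-only triage of a file that will not delete.
# Run from an elevated prompt on the affected system. Nothing here modifies the file.
$Path = 'C:\windows\system32\upsfeqf.dll'   # file name taken from the thread

function Get-ModuleHolder {
    param([Parameter(Mandatory)][string]$ModulePath)
    # A DLL is not a process of its own; find the processes that have it mapped.
    foreach ($proc in Get-Process) {
        try   { $mods = @($proc.Modules) }
        catch { $mods = @() }   # module list unreadable (protected process): skip it
        if ($mods | Where-Object { $_ -and $_.FileName -ieq $ModulePath }) {
            [pscustomobject]@{ ProcessId = $proc.Id; Process = $proc.ProcessName }
        }
    }
}

function Get-DeleteBlocker {
    param([Parameter(Mandatory)][string]$FilePath)
    $item = Get-Item -LiteralPath $FilePath -Force -ErrorAction Stop
    # An ACL that cannot be read is itself a finding, so record it instead of failing.
    try   { $acl = Get-Acl -LiteralPath $FilePath -ErrorAction Stop }
    catch { $acl = $null }
    # Delete-on-reboot requests made through MoveFileEx are stored in this value.
    $smKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $pending = (Get-ItemProperty -Path $smKey -Name PendingFileRenameOperations `
                    -ErrorAction SilentlyContinue).PendingFileRenameOperations
    $queued  = $pending | Where-Object {
        $_ -and $_.EndsWith($FilePath, [StringComparison]::OrdinalIgnoreCase)
    }
    [pscustomobject]@{
        Attributes      = $item.Attributes
        AclReadable     = [bool]$acl
        Owner           = if ($acl) { $acl.Owner } else { $null }
        DenyRules       = @(if ($acl) { $acl.Access |
                               Where-Object { $_.AccessControlType -eq 'Deny' } })
        LoadedBy        = @(Get-ModuleHolder -ModulePath $item.FullName)
        QueuedForReboot = [bool]$queued
    }
}

if (Test-Path -LiteralPath $Path) {
    Get-DeleteBlocker -FilePath $Path | Format-List
} else {
    "File not present: $Path"
}
```

A non-empty `LoadedBy` means the file is mapped into a running process and cannot be deleted until that process releases it; deny entries or an unreadable ACL point to a permissions block instead.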
