undeleteable file
Ive tried 5 different programs to remove spyware from my computer. They found and deleted some but missed others. I have found(by virture of Internet security) other files that try to access the internet but I cant delete them! I tried the attrib command -r but it still won't allow the files to be deleted! How do they do that? Is there a way to erase these files and folders?
Thanks,
Paul
Thanks,
Paul
ASKER
I'm afraid that was too easy! the instruction said #1 turn off simple file sharing. those instructions didn't match up with the layout of mycomputer in XP anyway. there was no "tools folder" or any other tabs.
I decided to try to take ownership of the folder anyway. Right-clicked -properties-advanced got just one dialog box no tabs. No security tab and no owner tab.
In short none of the instructions pertained to my OS at all!
I decided to try to take ownership of the folder anyway. Right-clicked -properties-advanced got just one dialog box no tabs. No security tab and no owner tab.
In short none of the instructions pertained to my OS at all!
what OS is yours ?
Sunray
Sunray
mOst spyware files that cannot be deleted are in use. You will not see them in your processes list because they register themselves as system services rather than executable processes. For many of them, you can go to your services.msc console and stop their services, then they can be deleted.
ASKER
I have WinXp Pro. What is services.msc console
Boot into safe mode. (press f8 once per second repeatedly during bootup to get the menu - its only available for a short period, so you might miss it.)
Take ownership of the files and reset the permissions on everything so that you explicitly have full control. Then try and delete it from the directory. ALSO, look in the registry, (regedit.exe) and do a search for the file name. If you find it, erase the entry.
BE WARNED. If this file is needed by the operating system you can really screw yourself up. Registry editing is not for the feignt of heart.
Take ownership of the files and reset the permissions on everything so that you explicitly have full control. Then try and delete it from the directory. ALSO, look in the registry, (regedit.exe) and do a search for the file name. If you find it, erase the entry.
BE WARNED. If this file is needed by the operating system you can really screw yourself up. Registry editing is not for the feignt of heart.
ASKER
taking ownership of files is what has me defeated right now Every link to every tutorial leads to a tutorial that doesn't work. Spyware Nuker is one of the worst ones. as long as I have there webpage on I can type normally. but otherwise i can't. the typing is slow and suddleny without warning, jumps to uppercase. judging from what they say on their webpage, I know its them. they say "does your computer slow down...etc, it may have spyware on it. Their webpage open in a new window and I'm often unaware of it. I would like to eliminate them but i don't know how. This sort of thing should be a federal crime!
Paul
Paul
Just to make sure, did you use ad-aware yet?
the 100% guaranteed way to remove spyware/virii/etc
format C:
format C:
>>I have WinXp Pro. What is services.msc console <<
If you enter services.msc in Start->Run you will get a service control console.
If you enter services.msc in Start->Run you will get a service control console.
ASKER
focusyn, I brought up services.msc. As far as I can tell everything is proper. There was something called scriptblocker that *wasn't* running and I thought it might be a good thing to turn it on, so I did After I went to the site for spyware nuker my typing is not sluggish anymore, and I've had no further trouble from them. I found a key in the registry that said "Domains" thre must have been thousands of subkeys under it, all bearing ad sounding names. It was impossible deleting them one by one so i deleted the key "Domains". I think the spware must have created this key.
One problem I can't get rid of though is the text box and search button that startium.com has placed in IE6. I went to the site and posted a protest but it probley be ignored.
I don't see where the $79 program "Internet Security" has brought me any security at all. I had it set to block all traffic but they came through anyway.
One problem I can't get rid of though is the text box and search button that startium.com has placed in IE6. I went to the site and posted a protest but it probley be ignored.
I don't see where the $79 program "Internet Security" has brought me any security at all. I had it set to block all traffic but they came through anyway.
The most sure-fire way to make sure you are clean is to clean install the OS. However, barring that you can get rid of things through the registry.
Here are some additional techniques. Get TweakUI and look at what services start...track down everything, find out what it is, and where its from. Backup the registry and delete keys that you think are not wanted. Use the task manager to list the running processes...find them all and make sure you know what each one is.
I find the clean reinstall is faster, but if you dont want that, then this is the methodology.
Here are some additional techniques. Get TweakUI and look at what services start...track down everything, find out what it is, and where its from. Backup the registry and delete keys that you think are not wanted. Use the task manager to list the running processes...find them all and make sure you know what each one is.
I find the clean reinstall is faster, but if you dont want that, then this is the methodology.
Sometimes virus / trojan installed itself as service, virus scanners usually cant delete these files.
If you know the infectious file's name, note it down, open Task Manager (Ctrl + Alt + Delete , then select Task Manager)
look for it in the list, if you find it, let say its called "iamvirus.exe", right click on it and select 'End Process Tree'
if that fails, go into Control Panel and find your way to Administrative Tools , then Service, sort the services
by its staus, eg. Started, Stopped, using the column name on the top, now, go through the started services
which you would suspect it to be the troubled ones. You may have to double click on each one of them and
see the actual file name.
I had this keylogger installed on my machine as service, I couldnt delete or stop it no matter what i do, until
I went into the Service window, stopped it, and removed it.
Cheers.
If you know the infectious file's name, note it down, open Task Manager (Ctrl + Alt + Delete , then select Task Manager)
look for it in the list, if you find it, let say its called "iamvirus.exe", right click on it and select 'End Process Tree'
if that fails, go into Control Panel and find your way to Administrative Tools , then Service, sort the services
by its staus, eg. Started, Stopped, using the column name on the top, now, go through the started services
which you would suspect it to be the troubled ones. You may have to double click on each one of them and
see the actual file name.
I had this keylogger installed on my machine as service, I couldnt delete or stop it no matter what i do, until
I went into the Service window, stopped it, and removed it.
Cheers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Generally for removing a file you can follow this
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421&sd=tech
http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
Sunray