Solved

undeleteable file

Posted on 2003-10-21
Last Modified: 2010-04-11
I've tried 5 different programs to remove spyware from my computer. They found and deleted some but missed others. I have found (by virtue of Internet Security) other files that try to access the internet but I can't delete them! I tried the attrib command -r but it still won't allow the files to be deleted! How do they do that? Is there a way to erase these files and folders?
Thanks,
Paul
0
Question by:annas
15 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9595457
0
 

Author Comment

by:annas
ID: 9595642
I'm afraid that was too easy! The instruction said #1 turn off simple file sharing. Those instructions didn't match up with the layout of My Computer in XP anyway. There was no "tools folder" or any other tabs.
I decided to try to take ownership of the folder anyway. Right-clicked - Properties - Advanced, got just one dialog box, no tabs. No security tab and no owner tab.

In short, none of the instructions pertained to my OS at all!
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9596383
What OS is yours?

Sunray
0

 
LVL 49

Expert Comment

by:sunray_2003
ID: 9596388
0
 
LVL 7

Expert Comment

by:Focusyn
ID: 9599180
Most spyware files that cannot be deleted are in use. You will not see them in your processes list because they register themselves as system services rather than executable processes. For many of them, you can go to your services.msc console and stop their services, then they can be deleted.
0
 

Author Comment

by:annas
ID: 9599613
I have WinXP Pro. What is the services.msc console?
0
 
LVL 4

Expert Comment

by:Kokoglen
ID: 9599660
Boot into safe mode. (Press F8 once per second repeatedly during bootup to get the menu - it's only available for a short period, so you might miss it.)
Take ownership of the files and reset the permissions on everything so that you explicitly have full control. Then try and delete it from the directory. ALSO, look in the registry (regedit.exe) and do a search for the file name. If you find it, erase the entry.

BE WARNED. If this file is needed by the operating system you can really screw yourself up. Registry editing is not for the faint of heart.
0
 

Author Comment

by:annas
ID: 9601467
Taking ownership of files is what has me defeated right now. Every link to every tutorial leads to a tutorial that doesn't work. Spyware Nuker is one of the worst ones. As long as I have their webpage on I can type normally, but otherwise I can't. The typing is slow and suddenly, without warning, jumps to uppercase. Judging from what they say on their webpage, I know it's them. They say "does your computer slow down...etc, it may have spyware on it." Their webpage opens in a new window and I'm often unaware of it. I would like to eliminate them but I don't know how. This sort of thing should be a federal crime!
Paul
0
 
LVL 4

Expert Comment

by:Kokoglen
ID: 9601511
Just to make sure, did you use ad-aware yet?
0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9602072
the 100% guaranteed way to remove spyware/virii/etc

format C:

0
 
LVL 7

Expert Comment

by:Focusyn
ID: 9602204
>>I have WinXp Pro. What is services.msc console <<


If you enter services.msc in Start->Run you will get a service control console.
0
 

Author Comment

by:annas
ID: 9602984
Focusyn, I brought up services.msc. As far as I can tell everything is proper. There was something called scriptblocker that *wasn't* running and I thought it might be a good thing to turn it on, so I did. After I went to the site for spyware nuker my typing is not sluggish anymore, and I've had no further trouble from them. I found a key in the registry that said "Domains". There must have been thousands of subkeys under it, all bearing ad-sounding names. It was impossible deleting them one by one so I deleted the key "Domains". I think the spyware must have created this key.

One problem I can't get rid of though is the text box and search button that startium.com has placed in IE6. I went to the site and posted a protest but it will probably be ignored.

I don't see where the $79 program "Internet Security" has brought me any security at all. I had it set to block all traffic but they came through anyway.
0
 
LVL 4

Expert Comment

by:Kokoglen
ID: 9603206
The most sure-fire way to make sure you are clean is to clean install the OS. However, barring that you can get rid of things through the registry.

Here are some additional techniques. Get TweakUI and look at what services start...track down everything, find out what it is, and where it's from. Back up the registry and delete keys that you think are not wanted. Use the task manager to list the running processes...find them all and make sure you know what each one is.

I find the clean reinstall is faster, but if you don't want that, then this is the methodology.
0
 

Expert Comment

by:DigitalMechanic
ID: 9607582
Sometimes a virus / trojan installs itself as a service; virus scanners usually can't delete these files.
If you know the infectious file's name, note it down, open Task Manager (Ctrl + Alt + Delete, then select Task Manager).

Look for it in the list. If you find it, let's say it's called "iamvirus.exe", right click on it and select 'End Process Tree'. If that fails, go into Control Panel and find your way to Administrative Tools, then Services. Sort the services by their status, e.g. Started, Stopped, using the column name on the top. Now go through the started services which you would suspect to be the troubled ones. You may have to double click on each one of them and see the actual file name.

I had this keylogger installed on my machine as a service. I couldn't delete or stop it no matter what I did, until I went into the Services window, stopped it, and removed it.

Cheers.
0
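Added example, not part of any post in this thread: the comments above suggest opening each started service to see the file behind it. This sketch lists every running service with its executable in one pass, so services whose binary sits outside the Windows directory stand out. It assumes a Windows version with PowerShell 3.0 or later; the function name `Get-ServiceBinaryPath` is hypothetical.

```powershell
# Added example (not from the thread). Read-only: it lists, it changes nothing.
# Assumes PowerShell 3.0+ for Get-CimInstance.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName is a command line: either a quoted path
    # followed by arguments, or an unquoted path followed by arguments.
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    # Unquoted: keep everything up to the first ".exe" (paths may contain spaces)
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($PathName.Trim() -split '\s+')[0]
}

$winDir = $env:SystemRoot.TrimEnd('\') + '\'

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' } |
    ForEach-Object {
        $exe    = Get-ServiceBinaryPath $_.PathName
        $exists = $exe -and (Test-Path -LiteralPath $exe)
        # Signature status is a triage hint, not a verdict on the file
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileNotFound' }
        $inWindows = $exe -and
            $exe.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            Name           = $_.Name
            DisplayName    = $_.DisplayName
            Executable     = $exe
            OutsideWindows = -not $inWindows
            Signature      = $sig
        }
    } |
    Sort-Object OutsideWindows -Descending |
    Format-Table -AutoSize -Wrap
```

A service flagged `OutsideWindows` is not necessarily unwanted (many legitimate products install under Program Files); it is the short list to look up before stopping anything in services.msc.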
 
LVL 7

Accepted Solution

by:
Focusyn earned 500 total points
ID: 9607713
The startium toolbar installs and registers its own DLLs.
You must manually go and unregister the DLLs with regsvr32.
The DLLs are:
c:\windows\downloaded program files\bbarwnd.dll
c:\windows\downloaded program files\letssearchie.dll

***Kill the processes***
First thing you want to do is close all Internet Explorer windows, go in the task manager under processes and kill all instances of "letssearch.exe" and/or "uptodate.exe"

***Unregister the DLLs***
Go to Start->Run and enter:
RegSvr32 /u "c:\windows\downloaded program files\bbarwnd.dll"
and then
RegSvr32 /u "c:\windows\downloaded program files\letssearchie.dll"
This will unregister the two DLLs, which are the control files for adding the garbage to Internet Explorer.

***Clean up the registry***
Then run regedit and delete the following keys:
HKEY_CLASSES_ROOT\browseraidtoolbar.ieshower.1
HKEY_CLASSES_ROOT\browseraidtoolbar.ietoolbar
HKEY_CLASSES_ROOT\browseraidtoolbar.ietoolbar.1
HKEY_CLASSES_ROOT\clsid\{2a167e61-d100-450d-a1b0-6eaf394bcb87}
HKEY_CLASSES_ROOT\clsid\{337d0c1d-4053-4fab-af2b-45c2f7b0faa6}
HKEY_CLASSES_ROOT\clsid\{4a2563c7-fc68-4ee8-a11c-2022ebcc1b0f}
HKEY_CLASSES_ROOT\clsid\{6d55490c-1bd4-4790-ba31-84d261316e28}
HKEY_CLASSES_ROOT\clsid\{7313bfd0-62c4-40f4-8041-3fbdbc80ac07}
HKEY_CLASSES_ROOT\clsid\{80672997-d58c-4190-9843-c6c61af8fe97}
HKEY_CLASSES_ROOT\clsid\{85c2c2a1-3f20-4ead-adc3-bd3217391543}
HKEY_CLASSES_ROOT\clsid\{8a7d38be-849d-478f-a7cf-55ec95722358}
HKEY_CLASSES_ROOT\clsid\{f20ae630-6de2-43ca-a988-7cd40c36ef0b}
HKEY_CLASSES_ROOT\interface\{2a167e61-d100-450d-a1b0-6eaf394bcb87}
HKEY_CLASSES_ROOT\interface\{4a2563c7-fc68-4ee8-a11c-2022ebcc1b0f}
HKEY_CLASSES_ROOT\interface\{8a7d38be-849d-478f-a7cf-55ec95722358}
HKEY_CLASSES_ROOT\typelib\{7313bfd0-62c4-40f4-8041-3fbdbc80ac07}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{f20ae630-6de2-43ca-a988-7cd40c36ef0b}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{07b7f771-1b8e-4b7b-823e-ffac1732aa9e}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{337d0c1d-4053-4fab-af2b-45c2f7b0faa6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\letssearch
HKEY_CLASSES_ROOT\browseraidtoolbar.helper
HKEY_CLASSES_ROOT\browseraidtoolbar.helper.1
HKEY_CLASSES_ROOT\browseraidtoolbar.ieshower

***Delete the files***
Now go through Windows Explorer and delete the following list of files:
c:\Windows\downloaded program files\bbarwnd.dll
c:\Windows\downloaded program files\conflict.1\letssearch.exe
c:\Windows\downloaded program files\letssearch.exe
c:\Windows\downloaded program files\letssearchie.dll
c:\Windows\downloaded program files\lstoolbarconfig.inf
c:\Windows\uptodate.exe
 Find the directory called "letssearch" which should be in C:\Program Files\ and delete it as well

***rejoice***
Enjoy a computer without their POS software mucking it up


0
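Added example, not part of the accepted answer: a read-only check for which artifacts from a removal checklist like the one above are still present after cleanup. The entries embedded here are a subset copied from the answer; the function name `Test-Artifact` is hypothetical and PowerShell 3.0 or later is assumed. It also covers the case where a listed registry path is really a value under its parent key (common for `...\run` and `...\toolbar` entries), which a plain key-existence test would miss.

```powershell
# Added example (not from the thread). Read-only: reports, deletes nothing.
# Subset of the answer's checklist; paste the remaining lines as needed.
$artifacts = @'
HKEY_CLASSES_ROOT\browseraidtoolbar.ietoolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{337d0c1d-4053-4fab-af2b-45c2f7b0faa6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\letssearch
c:\Windows\downloaded program files\bbarwnd.dll
c:\Windows\uptodate.exe
'@ -split "`r?`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ }

function Test-Artifact {
    param([string]$Entry)
    if ($Entry -notmatch '^HKEY_') {
        # File system entry
        if (Test-Path -LiteralPath $Entry) { return 'file present' }
        return 'absent'
    }
    # Registry entry: first try it as a key
    if (Test-Path -LiteralPath "Registry::$Entry") { return 'key present' }
    # Then as a value name under the parent key
    $i = $Entry.LastIndexOf('\')
    if ($i -gt 0) {
        $parent = $Entry.Substring(0, $i)
        $leaf   = $Entry.Substring($i + 1)
        $key = Get-Item -LiteralPath "Registry::$parent" -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $leaf)) {
            return 'value present'
        }
    }
    return 'absent'
}

$artifacts | ForEach-Object {
    [pscustomobject]@{ Status = Test-Artifact $_; Artifact = $_ }
} | Sort-Object Status -Descending | Format-Table -AutoSize -Wrap
```

Running it before and after the cleanup steps gives a record of what was actually found and what remains.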
