Solved

How can you delete a file (possible infection)

Posted on 2010-11-19
Last Modified: 2013-11-22
When launching CCleaner the laptop freezes systematically at 75% when cleaning the folder under
C:\Documents and Settings\dsaade\Application Data\Sun\Java\

When launching AVG the laptop freezes when reaching
C:\Documents and Settings\dsaade\Application Data\Sun\Java\Deployment

We did run Malwarebytes in safe mode
We did install unlocker1.9.0.exe to delete this *.idx file (1 KB)
Also installed moveonb.msi to delete this *.idx file at reboot

No success

We did pinpoint the problem as being this *.idx file

C:\Documents and Settings\dsaade\Application Data\Sun\Java\Deployment\cache\6.0\62\7c1e60be-2c033b73.idx

As soon as we touch it (even right click we wanted to open it with notepad) the PC freezes

We did launch Check Disk on the C drive:
checked - Automatically fix system errors
checked - Scan for and attempt recovery of bad sectors

At reboot:
What appears on the screen at chkdsk: file record segment 89044
0
Question by:havette
11 Comments
 
LVL 12

Expert Comment

by:TK-77
ID: 34177102
You could try making a bootable CD with Dr Web Cureit and running a virus scan that way. That may remove the file. It's a free download:

http://www.freedrweb.com/livecd/

TK
0
 
LVL 6

Expert Comment

by:wwakefield
ID: 34177115
Have you tried safe mode with Command Prompt?

BCWIPE demo will allow you to right click and delete then it will do it at boot.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34178704
Right click the File > Properties > Security > Advanced button > Uncheck "Inherit Permissions" > Select "Copy" in the pop-up box > Click OK, and in the users section at the top, remove all but your logged in user and SYSTEM. Set "Deny, Full Control" rights on the file.

Reboot, and then go back into the file properties, and grant yourself Full control, then delete the file......

Basically this method prevents any hidden startup objects from getting a handle lock on the file you are trying to delete....

0
 
LVL 2

Accepted Solution

by:
ccampbell15 earned 250 total points
ID: 34180089
Download GMER from gmer.net. Expand the tabs at the top and go to Files. You should be able to delete this file with GMER.
0
 
LVL 4

Expert Comment

by:kuzmanovicb
ID: 34181235
Use Add/Remove Programs.
0
 
LVL 9

Assisted Solution

by:bz43
bz43 earned 250 total points
ID: 34184452
Visit http://technet.microsoft.com/en-us/sysinternals/bb897556.aspx and download "PendMoves v1.1 and MoveFile v1.0".

To delete the file run this command and then reboot. The "" makes it delete the file at boot:
Movefile "C:\Documents and Settings\dsaade\Application Data\Sun\Java\Deployment\cache\6.0\62\7c1e60be-2c033b73.idx" ""
0
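Added example (not part of bz43's post): MoveFile queues its request in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, which is the value PendMoves lists. This Python sketch decodes that value's string list so the queue can be checked before rebooting. SAMPLE is constructed, and the C:\Temp paths in it are hypothetical.

```python
# Decode the string list stored in PendingFileRenameOperations.
# The list is a flat sequence of (source, destination) pairs.

NT_PREFIX = "\\??\\"  # object-manager prefix carried by each stored path


def strip_nt_prefix(path):
    """Return the path without the leading NT prefix, if present."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(strings):
    """Turn the flat string list into (action, source, destination) tuples.

    An empty destination means the source is deleted at boot. A leading
    '!' on the destination means an existing target is replaced.
    """
    ops = []
    for i in range(0, len(strings) - 1, 2):
        src, dst = strings[i], strings[i + 1]
        if not src:
            continue  # skip a malformed pair with no source
        if dst == "":
            ops.append(("delete", strip_nt_prefix(src), None))
        else:
            action = "replace" if dst.startswith("!") else "rename"
            ops.append((action,
                        strip_nt_prefix(src),
                        strip_nt_prefix(dst.lstrip("!"))))
    return ops


# Constructed sample: the first pair is what the MoveFile command in this
# thread would queue; the second pair uses hypothetical paths.
SAMPLE = [
    "\\??\\C:\\Documents and Settings\\dsaade\\Application Data\\Sun\\Java"
    "\\Deployment\\cache\\6.0\\62\\7c1e60be-2c033b73.idx",
    "",
    "\\??\\C:\\Temp\\new.dll",
    "!\\??\\C:\\Temp\\old.dll",
]

if __name__ == "__main__":
    for action, src, dst in parse_pending_ops(SAMPLE):
        print(action, src, "->", dst if dst else "(deleted at boot)")
```

An entry in this queue that nobody scheduled deliberately is worth investigating before the reboot carries it out.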
 
LVL 23

Expert Comment

by:phototropic
ID: 34186274
I would open the Java console (double-click the icon in control panel) and then go to General tab - Temp.int.files - Settings .  Uncheck "Keep temporary files on my computer" and then OK your way out.  Then go back into the console to the same location, and this time click on the "Delete files" button. Check "Trace and log files" and then OK your way out again.

Now try CCleaner again...
0
 

Author Comment

by:havette
ID: 34192635
Well no luck for the moment:
PendMoves -> freezes
Gmer -> freezes
Permission changes, the moment I uncheck "Inherit Permissions" -> freezes
cmd prompt I did try delete (not in safe mode though) -> freezes
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34193711
May need to pull the drive out, and slave it to another machine to delete the files.....
0
 
LVL 2

Expert Comment

by:ccampbell15
ID: 34193791
Gmer freezes in safe mode?

Have you tried using the misc section of HJT? You can del a file at reboot with that.
0
 
LVL 6

Expert Comment

by:wwakefield
ID: 34198126
@ccampbell15 Good tip... I did not realize it did that and use the thing all the time.
0
