Re: deleting undeletable files


From: Sid9 (sid9_at_bellsouth.net)
Date: 01/22/05


Date: Fri, 21 Jan 2005 21:13:36 -0500

I had an executable file that kept opening every time I deleted it from the
Task Manager.
I don't believe XP will let you delete an open file.
The malware program didn't start up in safe mode.
I was able to delete the executable.
That stopped the continual startups of the malware.
That then allowed me to get on with the cleanup.

Anyway that's how I saw my problem and it worked.
If I'm wrong, please tell me.

cquirke (MVP Win9x) wrote:
> On Wed, 19 Jan 2005 23:47:33 -0500, "Sid9" <sid9@bellsouth.net> wrote:
>
>> Try deleting it in safe mode.
>
> Where malware is concerned, Safe Mode isn't.
>
> SafER, in the sense that it is safer to plunge your hand into boiling
> water than blazing petrol, but that's about it.
>
>> Chris wrote:
>
>>> There is a program running on my computer, I know exactly where it
>>> is, what it's called and all that. It runs in my process list of
>>> my Task Manager, but when I try to stop it, I get some sort of
>>> critical system error message.
>
> Yep. Don't go head-to-head with malware while it is running.
>
> http://cquirke.mvps.org/whatmos.htm refers.
>
>>> I tried to delete it with safe mode, cmd prompt
>
> That is the best tool MS gives you. Often it's not good enough.
>
>>> Anyone know of a way of deleting it?
>
> You need a maintenance OS that can run without running anything off
> the HD - both while the OS boots, and when it is running and accessing
> the infected HD. That's the only way to know the malware is not
> running by the time you pick a fight with it.
>
> Else the malware will be in the position to make you very sorry
> indeed. You can't count on malware not using that opportunity.
>
> Note that removing the file won't resolve any references to it in the
> registry. To do that at the same time as you kill (or better, rename
> away) the malware file(s), I'd use a Bart PE CD and attach the
> stricken HD's registry hives to Regedit in Bart. Remember, the
> registry you see natively in Bart's won't be that on the HD.
>
> I don't think Linux boot disks can manage the registry, and even Linux
> fans don't put too much faith in NTFS support (usual advice; reading
> is safe, but YMMV with writes).
>
>
>
>> -------------------- ----- ---- --- -- - - - -
> Reality is that which, when you stop believing
> in it, does not go away (PKD)
>> -------------------- ----- ---- --- -- - - - -
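
The offline registry check described in the quoted reply (attaching the stricken HD's hives from the maintenance OS and looking for references to the file), as an added example that is not part of either poster's message. It assumes `reg.exe` and `findstr.exe` are available in the maintenance OS, the XP default paths `WINDOWS` and `Documents and Settings`, and a hypothetical mount name `HKLM\OFFLINE`; it only lists the Run and RunOnce autostart keys, so references stored elsewhere in the registry are not covered.

```batch
@echo off
rem Added example. Run from the maintenance OS, never from the infected install.
rem Usage (hypothetical script name): findrefs.cmd C: suspect.exe
rem   %1 = drive letter the stricken HD received in the maintenance OS
rem   %2 = file name of the executable to look for
setlocal
set "HD=%~1"
set "NAME=%~2"
if "%NAME%"=="" (
  echo Usage: %~nx0 drive: filename
  exit /b 1
)

rem Machine-wide autostart entries are stored in the SOFTWARE hive.
call :scan "%HD%\WINDOWS\system32\config\software" "Microsoft\Windows\CurrentVersion"

rem Per-user autostart entries are stored in each profile's NTUSER.DAT.
for /d %%P in ("%HD%\Documents and Settings\*") do (
  if exist "%%P\NTUSER.DAT" (
    call :scan "%%P\NTUSER.DAT" "Software\Microsoft\Windows\CurrentVersion"
  )
)
exit /b 0

:scan
rem %1 = hive file on the stricken HD
rem %2 = path to the CurrentVersion key inside that hive
reg load HKLM\OFFLINE "%~1" >nul 2>&1
if errorlevel 1 (
  echo Could not load "%~1"
  exit /b 1
)
for %%K in (Run RunOnce) do (
  echo "%~1" : %~2\%%K
  rem Print only the values that mention the file name, ignoring case.
  reg query "HKLM\OFFLINE\%~2\%%K" 2>nul | findstr /i /c:"%NAME%"
  if errorlevel 1 echo   no entry mentions %NAME%
)
rem Always detach the hive again so the file on the HD is released.
reg unload HKLM\OFFLINE >nul
exit /b 0
```

The script only reports matches; any entry it finds is then removed by hand in Regedit with the same hive attached.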


