Re: Cannot delete file - Unable to remove permissions

From: prasad.addepalli@xxxxxxxxx
Date: Tue, 11 Dec 2007 00:15:47 -0800 (PST)

Thank you Dave,
I have not tried the safe mode administrator option..I was able to get
the security tab in the normal mode itself..
I added the following registty key..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue"=dword:00000001

The file appears to be a part of a rootkit type infection...and seems
to have a kernel mode driver protecting it..

CACLS gives the following result for the ACL

USERS:R
Administrator:F
<username>:F

Trying to modify the permission gives a access denied error..
I would be trying the safe mode admin option and I will let you know
the result.
I file is loaded as an Explorer BHO and is injecting itself into
several processes..we are looking at some complex malware here..

Thanks,
Prasad Addepalli

On Dec 10, 1:17 pm, "Dave Patrick" <DSPatr...@xxxxxxxxxxxxxxxx> wrote:

Have you logged on as local administrator from a 'Safe Mode' boot?

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]http://www.microsoft.com/protect

"Jamie" wrote:

And what if after clicking <FILE> <PROPERTIES> there is no security tab???

Thank you- Hide quoted text -

- Show quoted text -

Follow-Ups:
- Re: Cannot delete file - Unable to remove permissions
  - From: Pegasus \(MVP\)

References:
- Cannot delete file - Unable to remove permissions
  - From: prasad . addepalli
- Re: Cannot delete file - Unable to remove permissions
  - From: Dave Patrick
- Re: Cannot delete file - Unable to remove permissions
  - From: Dave Patrick

Prev by Date: Re: Cannot copy <filename>: Insufficient system resources
Next by Date: Re: Cannot delete file - Unable to remove permissions
Previous by thread: Re: Cannot delete file - Unable to remove permissions
Next by thread: Re: Cannot delete file - Unable to remove permissions
Index(es):
- Date
- Thread

Relevant Pages

Re: Safe Mode Boot Loop; Normal Boot OK
... in normal mode "or" ... I attempted to boot to Safe Mode to run a virus/malware ... load if logged in as Administrator (normal machine login is as a Power ...
(microsoft.public.windowsxp.general)
Re: pop up across desktop
... Thanks, Steve T. ... download it and upgrade immediately then press Scan Your Computer button ... in normal mode; found 7 infections and cleaned them ... It did not find anything in Safe Mode after. ...
(microsoft.public.windowsxp.general)
Re: Exchange Server Name
... I disabled some services and successfully restarted in normal mode. ... to get to the server desktop, but the server name is still unclear to me what ... While in safe mode, check to see if you can id any significant errors that ... Stop every non critical service on the box except exchange. ...
(microsoft.public.windows.server.sbs)
Re: Complete Crash without Blue Screen
... "Don Deacon" wrote in message ... I booted into safe mode (MCE doesn't auto launch in safe mode so it wasn't running those times I said the system was stable in safe mode). ... I stopped MCE from auto startup in normal mode and the system has been starting up fine since then. ...
(microsoft.public.windows.vista.hardware_devices)
Re: Please-- help me with uninstall and reinstall of video drivers
... into normal mode, and was working on the glitches... ... the arrow.I will reboot into safe mode again... ... I'm using my laptop now, and I will try to uninstall both ... Remove them both then reboot. ...
(microsoft.public.windowsxp.help_and_support)