Page 1 of 2 12 LastLast
Results 1 to 15 of 26
  1. #1
    New Lounger
    Join Date
    Jan 2010
    Location
    Venezuela
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    In Disc C:/ I have Windows PO Professional and all programs installed under it only. Apparently due to a virus that, apparently too, is no longer in my PC, there are in that disc nine files (2.9 GB each is, with one single letter name —A, E, F, S, etc.— with no extension) which are taken about 27 GB of disc C space.

    I discovered them using Total Commander. When I tried to see them using Windows Explore I couldn’t deactivate the “Hide system protected files (recommended)”. When I finally could unblock that and I see the files, I entered Safe Mode and I could see the file via Total Commander but no via Windows Explore.

    What I found about that supposed virus relates it to NTDETECT.COM and says that it is kind of trojan that sends info outside and generates a lot of small files that take over the disc space. In my case there are no small files but nine of 3,181,641,728 bytes each, and they have not increased size at all since I discovered them.

    I use Eset Smart Suite 4 and Avira Personal Free. They haven´t found any malware in my PC. Malwarebytes’ and SUPERantimalware neither.

    I have looked for a way to move/delete those files desperately but without success. Unlocker, WhoLockMe, Files Assassin and other have failed.

    According to Unlocker the set of processes related to each one of these nine files is never the same, but all sets have in common two processes: Explore.exe an System. It’s clear that if I end these processes I shut down my PC, so this is not a solution at all.
    Attached Images Attached Images

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    Australia
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Not sure if this is any help, but if I have deletion problems, I go into DOS prompt and delete them from there. Works all the time for me.

  4. #3
    Star Lounger
    Join Date
    Dec 2009
    Location
    Mexico City, D.F., Mexico
    Posts
    81
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Usually, when I cannot delete a file (windows says that it is in use), I rename it, shutdown and restart windows and the file with the new name is OK for deletion. Another method is to use a boot CD like Knoppix which will give you access to the Windows file system and from there you can delete the files.
    This eco-post is made of recycled electrons

  5. #4
    Gold Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,490
    Thanks
    7
    Thanked 220 Times in 208 Posts
    It may be a Root Kit virus you have. These viruses hide files from Windows to prevent deletion.

    I suggest you run HiJackThis and post the result on an HJT web site - there are a few good ones about.

    cheers, Paul

  6. #5
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If you don't already have it, even if it doesn't fix your current problem, you might want to add Unlocker - CNET Download.com to your system for future use.

  7. #6
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    South of the North Pole
    Posts
    919
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I second the LINUX boot disc approach since you can make any change without Windows running.

  8. #7
    New Lounger
    Join Date
    Jan 2010
    Location
    Venezuela
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Stephane Quenson View Post
    Usually, when I cannot delete a file (windows says that it is in use), I rename it, shutdown and restart windows and the file with the new name is OK for deletion. Another method is to use a boot CD like Knoppix which will give you access to the Windows file system and from there you can delete the files.
    I forgot to say that files cannot be renamed either.

    Quote Originally Posted by Bigaldoc View Post
    If you don't already have it, even if it doesn't fix your current problem, you might want to add Unlocker - CNET Download.com to your system for future use.
    I already used Unlocker. This allowed me to see what processes are linked to each one of those files. It's supposed that if I kill the processes related to an specific file I'll be able to rename/move/detete it. But as said before two of the processes I should delete are EXPLORE.EXE and SYSTEM, and if I kill them my PC shut off.

    Quote Originally Posted by Stephane Quenson View Post
    Usually, when I cannot delete a file (windows says that it is in use), I rename it, shutdown and restart windows and the file with the new name is OK for deletion. Another method is to use a boot CD like Knoppix which will give you access to the Windows file system and from there you can delete the files.
    KNOPPIX is Linux, and I have a handicap in this area because beside my age (70 years) I'm not a tech guy and know nothing about Linux. I guess I should download the program, record it in a CD,..... and what then?

    Quote Originally Posted by Peter Read View Post
    Not sure if this is any help, but if I have deletion problems, I go into DOS prompt and delete them from there. Works all the time for me.
    I've heard about this DOS resource before but have no idea on how to implement it. Would you please give me more details?

    Quote Originally Posted by P T View Post
    It may be a Root Kit virus you have. These viruses hide files from Windows to prevent deletion.

    I suggest you run HiJackThis and post the result on an HJT web site - there are a few good ones about.

    cheers, Paul
    Thanks, Paul. Even though FBSL and the AVIRA anti-rookit programs didn.t find anything in my PC, I already download the HiJackThis, but started searching for HJT web sites and got pretty confused about where should I submit the HiJackThis result report.

  9. #8
    Gold Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,490
    Thanks
    7
    Thanked 220 Times in 208 Posts
    There is an automated HJT analyzer here.

    There is a very knowledgeable lady at this site who can spot HJT problems in a flash.

    And BleepingComputer.

    cheers, Paul

  10. #9
    3 Star Lounger HeyJude's Avatar
    Join Date
    Dec 2009
    Location
    Ohio, USA
    Posts
    332
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by P T View Post
    There is an automated HJT analyzer here.

    There is a very knowledgeable lady at this site who can spot HJT problems in a flash.

    And BleepingComputer.

    cheers, Paul
    Thanks for posting the automated analyzer site. I have several HJT sites bookmarked and this is a great addition for helping those who have not only browser hijacking issues, but malware, trojans etc. This will be a neat tool

    Hey Jude
    Take a sad song and make it better

  11. #10
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,133
    Thanks
    102
    Thanked 207 Times in 181 Posts
    That analyzer site is actually linked from the original at hijackthis.de.

    Hjt may be a very useful tool under some circumstances but there are many infections it cannot pickup, you really do need to get to a good Antimalware forum, hijackthis.de has a pretty good forum.

  12. #11
    3 Star Lounger HeyJude's Avatar
    Join Date
    Dec 2009
    Location
    Ohio, USA
    Posts
    332
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Andy Rowlands View Post
    That analyzer site is actually linked from the original at hijackthis.de.

    Hjt may be a very useful tool under some circumstances but there are many infections it cannot pickup, you really do need to get to a good Antimalware forum, hijackthis.de has a pretty good forum.
    Yes this is one of my resource sites. Way back when my DIL was having virus/hijack issues we used this forum to resolve her issues.

    Here is another site that's great HJT Log Analyzer

    Hey Jude
    Take a sad song and make it better

  13. #12
    New Lounger
    Join Date
    Jan 2010
    Location
    Venezuela
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Byron Tarbox View Post
    I second the LINUX boot disc approach since you can make any change without Windows running.
    Since the LINX approach has been the most voted, for you and others, and even though I'm not a tech guy and know nothing about Linux I tried to download the Knoppx but fI found it extremely complicated for me, so I downloaded UBUNTU 9.10 and InfraRecording program, I created a bootable CD and proceeded.

    When after a big while Ubuntu finally started up I chose the very first option, that was highlighted: "Try Ubuntu without any changes...". I could find the nine files and since I didn't see any Delete option I used the Move one and moved all of them to the Trash. Then I emptied the trash.

    But back in Windws I almost got an infarct because the damn files WERE STILL THERE!

    This "Try Ubuntu without any changes..." seems to me a flase promise because back inot Windows I discovered that the date and time have been moved to next day.

  14. #13
    Star Lounger
    Join Date
    Dec 2009
    Location
    Mexico City, D.F., Mexico
    Posts
    81
    Thanks
    0
    Thanked 0 Times in 0 Posts
    To delete a file in Ubuntu, it's like for Windows: select the file and press the delete key. You can also right-click a file and select the option delete.
    This eco-post is made of recycled electrons

  15. #14
    New Lounger
    Join Date
    Jan 2010
    Location
    Venezuela
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Stephane Quenson View Post
    To delete a file in Ubuntu, it's like for Windows: select the file and press the delete key. You can also right-click a file and select the option delete.
    Thanks, Stephane, but no way.

    I just followed the whole procedure once more and when rightclicking any of those files the closest option to Delete that Ubuntu presented to me is MOVE TO TRASH; there is no such a thing like Delete. So I used MOVE TO TRASH with each one of the nine files, then I found them in the trash, and afterward I emptied the trash but the nine files were in place when I went back to Windows.

  16. #15
    New Lounger
    Join Date
    Dec 2009
    Location
    Birmingham, Alabama
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Carl Padrez View Post
    In Disc C:/ I have Windows PO Professional and all programs installed under it only. Apparently due to a virus that, apparently too, is no longer in my PC, there are in that disc nine files (2.9 GB each is, with one single letter name —A, E, F, S, etc.— with no extension) which are taken about 27 GB of disc C space.

    I discovered them using Total Commander. When I tried to see them using Windows Explore I couldn’t deactivate the “Hide system protected files (recommended)”. When I finally could unblock that and I see the files, I entered Safe Mode and I could see the file via Total Commander but no via Windows Explore.

    What I found about that supposed virus relates it to NTDETECT.COM and says that it is kind of trojan that sends info outside and generates a lot of small files that take over the disc space. In my case there are no small files but nine of 3,181,641,728 bytes each, and they have not increased size at all since I discovered them.

    I use Eset Smart Suite 4 and Avira Personal Free. They haven´t found any malware in my PC. Malwarebytes’ and SUPERantimalware neither.

    I have looked for a way to move/delete those files desperately but without success. Unlocker, WhoLockMe, Files Assassin and other have failed.

    According to Unlocker the set of processes related to each one of these nine files is never the same, but all sets have in common two processes: Explore.exe an System. It’s clear that if I end these processes I shut down my PC, so this is not a solution at all.
    In your screen cap, it appears that the file attributes of System and Hidden are set. If that's the case, Windows isn't going to allow you to do anything with them. Clear those attributes and try again. It may seem way too easy, but let's start with the way too easy stuff first.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •