Tech Support banner

Status
Not open for further replies.
1 - 20 of 38 Posts

·
Registered
Joined
·
20 Posts
Discussion Starter #1
(this might be irrelevant) I downloaded some exe file off the internet, kaspersky antivirus reported no viruses, i run it a few times, decide to delete it and can't : it says that the file is in use by a process...
i cant delete the file even if i enter safemode or use killbox's delete on startup option.
and now, it appears that every .exe file i create can no longer be deleted!
My hijackthis log :
Logfile of HijackThis v1.99.1
Scan saved at 01:13:03, on 22/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~2\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe"
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105972047810
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Please help me out!
 

·
Registered
Joined
·
20 Posts
Discussion Starter #2
i forgot to mention :
i made an exe file on a different physical drive and i wasn't able to delete it either
i also tried system restore, but it didn't help at all
 

·
Registered
Joined
·
20 Posts
Discussion Starter #5 (Edited)
Well... I don't see any step I haven't done.. Are you talking about something specific?
Wait.. I haven't completely scanned my computer yet.. I'm doing it right now, but incase the problem is not a virus, could you please suggest me what else to do in my situation?
 

·
Registered
Joined
·
1,097 Posts
This usually happens when people "download some file off the Internet". You mind telling us what file you can't remove?

You should try deleting the file from the Recovery Console by booting from your XP CD. You can also try a System Restore.
 

·
Registered
Joined
·
20 Posts
Discussion Starter #8
I cant remove any new exe files (old ones can still be deleted, but as soon as i change a file's name to "something.exe", bam: no more removing!)
i have tried system restore but it gave an error that nothing changed and thus there's nothing to restore
the file i downloaded and opened prior to this all was GBASM.exe here:
http://www.snakeyes.org/util/files/asg_asm.zip
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
What is happening is that you are trying to make an exe file that is clearly *not* an executable. When Windows Explorer first looks at one, it looks inside for various additional information (is it 16 bit of 32 bit? Is it for Windows or DOS? for example) and you are just totally confusing it.

Go to All Programs > Accessories > Command Prompt
Navigate to the folder where the file is with the CD command
delete it with DEL test.exe or whatever

--
Alex Nichol MS MVP
(Windows Technologies)
Use the above method to delete GBASM.exe first. The rest should go easily
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Give me the exact location/filepath of the GBASM.exe file.

Example. - C:\Windows\GBASM.exe
 

·
Registered
Joined
·
20 Posts
Discussion Starter #13
c:\!killbox\gbasm.exe

but it was first in a different place and it's not only it, it's everything new.
if i copy it to elsewhere, the copy can't be deleted either.
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
LOL... c:\!killbox\ is the backup folder Killbox uses.

Please do this...

Go to Start> Run - type cmd <Press Enter> (this opens the command prompt)
type del c:\!killbox\gbasm.exe <Press Enter>
type exit <Press Enter>
 

·
Registered
Joined
·
20 Posts
Discussion Starter #15 (Edited)
it worked.. but it didn't when i tried it before...
anyway that's irrelant, if i create exe files (like by copying existing ones) they still can't be deleted. please help me with that...
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
With the previous instruction, replace c:\!killbox\gbasm.exe with any file you wish to delete.

When you have completed all the files, type exit to close the DOS box.

Then reboot to check if new exes can be deleted.
 

·
Registered
Joined
·
20 Posts
Discussion Starter #17 (Edited)
it seems that it is only deleting them if they are not found in the current active directory.
i made quite a lot of files to check, and some of them i cant delete from cmd because they use different languages..
well i'll try rebooting and seeing if it helps, thanks by the way

edit : nope, it doesn't help... but i didn't delete all the files i recently created (not sure where all of them are, some are hard to delete via cmd due to language), though...
 

·
Registered
Joined
·
20 Posts
Discussion Starter #19
i don't remember all of the files i recently created that have this problem, an example file i cant delete is d:\bl2\‏‏עותק של 3d.exe
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Is that all the files? Please give me the full list so that we can do it all in one shot
 
1 - 20 of 38 Posts
Status
Not open for further replies.
Top