
Computer help?

Thread ID: 16540 | Posts: 19 | Started: 2005-02-02


Franco [OP]

2005-02-02 06:09

How does one erase a suspected computer file permanently? I found the suspected file [it seems to be some sort of virus/bug], but each time I delete it, it comes back. I even renamed it, but that didn't do anything. Plus, I cannot open the file to see inside of it or alter it.

Any ideas about how to permanently delete it?



Okiereddust

2005-02-02 06:17

[QUOTE=Franco]How does one erase a suspected computer file permanently? I found the suspected file [it seems to be some sort of virus/bug], but each time I delete it, it comes back. I even renamed it, but that didn't do anything. Plus, I cannot open the file to see inside of it or alter it.

Any ideas about how to permanently delete it?

[/QUOTE]

Either 1. a good anti-virus program, or 2. burn the computer in a bonfire.

If you choose 2., be sure and do the same to all your removable media, or they'll just jump on them and jump back on your new computer. Virus decon can be a real mess.


Franco

2005-02-02 06:29

[QUOTE=Okiereddust]Either 1. a good anti-virus program, or 2. burn the computer in a bonfire.

If you choose 2., be sure and do the same to all your removable media, or they'll just jump on them and jump back on your new computer. Virus decon can be a real mess.[/QUOTE]

Heh, heh....well, I have an anti-virus program, and similar programs, but none flagged it as a virus, etc.



Sertorius

2005-02-02 10:44

Franco,

Without knowing more, it sounds like you'll probably have to go inside of your registry to get rid of it. I recently had a similar problem with some adware files that called for this sort of extreme action.


Franco

2005-02-02 12:15

[QUOTE=Sertorius]Franco,

Without knowing more, it sounds like you'll probably have to go inside of your registry to get rid of it. I recently had a similar problem with some adware files that called for this sort of extreme action.[/QUOTE]

Hmmmm....o.k., will investigate....thanks...



Quantrill

2005-02-02 13:37

Franco, If it is spyware, then an anti-virus program will not flag it, because it is not technically a virus. You need an anti-spyware program. The two best free ones are -- Spybot Search & Destroy -- [url="http://www.safer-networking.org/en/download/"]http://www.safer-networking.org/en/download/[/url] and Ad-aware -- [url="http://www.lavasoftusa.com/support/download/"]http://www.lavasoftusa.com/support/download/[/url]

Make sure you update the definitions file before you do a system-wide scan, so that the program has a list of all the newest strains of spyware. Good luck.


RowdyRoddyPiper

2005-02-02 14:30

If the file keeps coming back after being repeatedly deleted, it is probably being created by some kind of spyware or adware process that is running in the background, which may have added itself to the registry to restart itself every time the computer boots.

I suggest you download the latest version of SpyBot (it's free, donation is optional) from here:

[url]http://www.safer-networking.org/en/download/index.html[/url]

Install it and run a complete check on your system. You will probably find all sorts of TSRs, spyware and dodgy cookies on your computer. I had over 20 when I ran it, just from casual internet browsing.

Hopefully this will fix the problem, and if not, SpyBot is a good utility to have anyway :)
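
Added example, not part of the original thread or written by any poster: a read-only PowerShell script that lists common registry autostart locations of the kind the post above alludes to and flags entries that mention a suspect file name. The file name is a placeholder, and the set of keys is a common subset chosen here as an assumption, not something named in the thread.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
param(
    # Placeholder file name; substitute the name written down for the suspect file.
    [string]$SuspectName = 'suspect-file.exe'
)

# Keys whose every value is a command run at boot or logon.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Individual values that start code at logon or load DLLs into processes using user32.dll.
$singleValues = @(
    @{ Key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Userinit' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows';  Name = 'AppInit_DLLs' }
)

$entries = @()
foreach ($path in $runKeys) {
    if (-not (Test-Path -Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $entries += [pscustomobject]@{
            Key = $path; Name = $name; Command = [string]$key.GetValue($name)
        }
    }
}
foreach ($v in $singleValues) {
    if (-not (Test-Path -Path $v.Key)) { continue }
    $value = (Get-Item -Path $v.Key).GetValue($v.Name)
    if ($null -ne $value) {
        $entries += [pscustomobject]@{ Key = $v.Key; Name = $v.Name; Command = [string]$value }
    }
}

# Flag entries whose command line mentions the suspect name (case-insensitive).
$entries | Select-Object Key, Name, Command, @{
    Name       = 'Suspect'
    Expression = { $_.Command.IndexOf($SuspectName, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
} | Format-List
```

An entry flagged `Suspect : True` shows which registry value relaunches the file, which is the reference that has to go along with the file itself for the deletion to stick.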


RowdyRoddyPiper

2005-02-02 14:31

Oops, sorry about the double post, I should have refreshed before replying.


albion

2005-02-02 15:55

I could not get anything to download from this site: Ad-aware -- [url="http://www.lavasoftusa.com/support/download/"]http://www.lavasoftusa.com/support/download/[/url]

The SpyBot site worked perfectly, however.

In addition, I found another ad remover called Xblock.com


Quantrill

2005-02-02 16:16

[QUOTE=albion]I could not get anything to download from this site:Ad-aware -- [url="http://www.lavasoftusa.com/support/download/"]http://www.lavasoftusa.com/support/download/[/url]

The SpyBot site worked perfectly, however.

In addition, I found another ad remover called Xblock.com[/QUOTE]

The lavasoftusa.com server does not actually host the downloads; it just provides links to sites that do. Try the majorgeeks.com link -- I have never had any problems downloading from them. Also, Spybot and Ad-aware tend to pick up different things, although there is overlap. So, to be on the safe side, it is a good idea to run both.


Ponce

2005-02-02 16:56

To keep your comp. safe don't download anything, my comp. is now about 8 years old and I never have any problems with it because I simply don't download anything or open any files from anyone that I don't know.

My comp. is 78% empty even after all this time.

I never allow AOL to "update" my comp., if it is not broken then don't fool with it.

By the way, I am using the .04 version of AOL if you use .05 and above then they can not fool around with it and even spy on you.


Oklahomaman

2005-02-02 19:05

Franco,

The virus is screening the OS commands to hide its running processes. You can't see them with the standard Task Manager. You'll need to use a second party processes viewer to see them.

Reboot, and enter the XP Command console by pressing F8 after POST but before the WinXP splash and choosing the option to go to the command prompt. It will look like DOS. CD to the file and delete it then reboot. Problem should be solved.


Franco

2005-02-03 00:47

[QUOTE=Oklahomaman]Franco,

The virus is screening the OS commands to hide its running processes. You can't see them with the standard Task Manager. You'll need to use a second party processes viewer to see them.

Reboot, and enter the XP Command console by pressing F8 after POST but before the WinXP splash and choosing the option to go to the command prompt. It will look like DOS. CD to the file and delete it then reboot. Problem should be solved.[/QUOTE]

Many thanks.

That sounds like what it is, because it appears briefly in taskmanager when I start up, and then hides. I found the thing [the file], but could not delete it.

Please tell me again how to enter the console [as you mentioned], but please give more details, in exact steps. I am not a computer genius. Only if the details are simple can I grasp what to do. :biggrin:



Franco

2005-02-03 00:49

[QUOTE=Quantrill]Franco, If it is spyware, then an anti-virus program will not flag it, because it is not technically a virus. You need an anti-spyware program. The two best free ones are -- Spybot Search & Destroy -- [url="http://www.safer-networking.org/en/download/"]http://www.safer-networking.org/en/download/[/url] and Ad-aware -- [url="http://www.lavasoftusa.com/support/download/"]http://www.lavasoftusa.com/support/download/[/url]

Make sure you update the definitions file before you do a system-wide scan, so that the program has a list of all the newest strains of spyware. Good luck.[/QUOTE]

Thanks. Actually, I already have a couple of types of those programs, but this thing must be brand new, since it was not flagged.



Oklahomaman

2005-02-03 14:14

Franco

Here is the unabridged version:

The virus registers itself as a resource for EVERY program that is run in WinXP from explorer.exe to solitare.exe. Any programs you start will place a copy of the file into memory. So if you delete it or shut it down, your own programs just respawn the file from memory. Since you can't shut down every program in WinXP you have to boot to the Command Console and delete it before it hatches itself from the registry.

Step 1: Locate the file and path to the directory where it was found and the full file name including the extension. Write this info down.

Step 2: Reboot with the turbo reset switch or CTRL+ALT+DEL and tell WinXP to restart.

Step 3: After memory check and POST (this is where the computer gives out BIOS information and says things like: IDE Master 1 = Seagate) but before the initial WinXP logo screen that has the scrolling bar shows up, press F8 on your keyboard.

Step 4: You will be taken to a text menu. Your options should look something like this:

  1. Start Normally
  2. Start in safe mode with network support
  3. Start in safe mode without network support
  4. Start in command prompt mode with CD-ROM support
  5. Start in command prompt mode without CD-ROM support

Select the last option or whatever is most similar.

Step 5: It might take 2-3 minutes but you'll eventually get a C:/> with nothing else.

Step 6: type cd C:\Windows\System32 (or whatever directory you found it in) and hit enter.

Step 7: at the C:\WINDOWS\SYSTEM32> prompt type del filename (whatever the file name is) and press enter.

Your hard drive should make a couple of short clicks. If it says: [file(s) not found], simply restart normally and double check to make sure you have the right directory or filename. Otherwise, it will say [1 file(s) deleted]. It will give you another C:\WINDOWS\SYSTEM32> prompt. Now simply restart your computer.

Let me know if you need any further assistance.


Happy Hacker

2005-02-03 19:02

For security, it's a good idea to have a computer that's not on the internet for doing all your activities that don't require the internet. Also, use open-source software because it's difficult for malicious code to be hidden in them.

Start using FireFox instead of Internet Explorer. FireFox has a nice feature that blocks webpages from installing software on your computer.


albion

2005-02-03 19:10

[QUOTE=mmartins]Of course... he was IP-mining[/QUOTE]

What is IP-mining and what software do I need to do it? Also, how do I trace an IP number with what software? :confused:


Franco

2005-02-04 07:22

[QUOTE=Oklahomaman]Franco

Here is the unabridged version:

The virus registers itself as a resource for EVERY program that is run in WinXP from explorer.exe to solitare.exe. Any programs you start will place a copy of the file into memory. So if you delete it or shut it down, your own programs just respawn the file from memory. Since you can't shut down every program in WinXP you have to boot to the Command Console and delete it before it hatches itself from the registry.

Step 1: Locate the file and path to the directory where it was found and the full file name including the extension. Write this info down.

Step 2: Reboot with the turbo reset switch or CTRL+ALT+DEL and tell WinXP to restart.

Step 3: After memory check and POST (this is where the computer gives out BIOS information and says things like: IDE Master 1 = Seagate) but before the initial WinXP logo screen that has the scrolling bar shows up, press F8 on your keyboard.

Step 4: You will be taken to a text menu. Your options should look something like this:

  1. Start Normally
  2. Start in safe mode with network support
  3. Start in safe mode without network support
  4. Start in command prompt mode with CD-ROM support
  5. Start in command prompt mode without CD-ROM support

Select the last option or whatever is most similar.

Step 5: It might take 2-3 minutes but you'll eventually get a C:/> with nothing else.

Step 6: type cd C:\Windows\System32 (or whatever directory you found it in) and hit enter.

Step 7: at the C:\WINDOWS\SYSTEM32> prompt type del filename (whatever the file name is) and press enter.

Your hard drive should make a couple of short clicks. If it says: [file(s) not found], simply restart normally and double check to make sure you have the right directory or filename. Otherwise, it will say [1 file(s) deleted]. It will give you another C:\WINDOWS\SYSTEM32> prompt. Now simply restart your computer.

Let me know if you need any further assistance.[/QUOTE]

Many thanks.



Franco

2005-02-04 07:23

[QUOTE=Happy Hacker]For security, it's a good idea to have a computer that's not on the internet for doing all your activities that don't require the internet. Also, use open-source software because it's difficult for malicious code to be hidden in them.

Start using FireFox instead of Internet Explorer. FireFox has a nice feature that blocks webpages from installing software on your computer.[/QUOTE]

Thanks.