Author |
Message |
   
Carlos Norris™
Citizen Username: Katracho
Post Number: 333 Registered: 11-2002

| Posted on Sunday, August 20, 2006 - 1:46 am: |
|
Ok, here is the deal. I was doing some surfing a little while ago and my antivirus picked up a "download" Trojan, which was placed in quarantine. So, I started doing my usual troubleshooting. I go down to "safe mode" to make sure no program is running behind the scenes which will prevent me from deleting malicious files from my PC. I look at the directory that the trojan was saved to (C:\Documents and Settings\UserName\Local Settings\Temp) and start deleting all this junk that just piles up in there. Anyway, I am happily deleting all these temp files when I run into a file that I cannot delete. It seems IE at some point (Jan 26, 2006) saved temporary internet files to the temp folder mentioned above. In there, I found an HTML file that I cannot delete. I deleted everything else under there, except that file. When I double click on it, it opens up a browser window, which just defaults to whatever I have set to be my home page, which is NASA's astronomy picture of the day. I thought - those kidders at NASA are always joking around. I ran Ad-Aware and Spybot. They both came up clean. I rebooted into regular mode. I drill down to the folder and double-click on it. Takes me to NASA's page. I close the browser and change the homepage to be blank. I try opening the file again and it takes me to the blank home page. I close the browser. I try to delete the file. This action causes my antivirus to kick in. I stop the antivirus. I hit DEL again. Nothing happens. Like the file is not there. I go to the parent directory and try to delete it. I get an error which states that the file cannot be deleted. Below are images of the file and the error I get when I try to delete it. I don’t think I have run into this before. Inquiring minds want to know how I delete this s.o.b. file from my system. I am running WinXP Pro SP2 w/ Symantec Antivirus Corp. Ed. 10.0.2.2001 w/ August 18 definitions.
 |
   
Mayor McCheese
Supporter Username: Mayor_mccheese
Post Number: 2135 Registered: 7-2004

| Posted on Sunday, August 20, 2006 - 3:56 pm: |
|
Try deleting the file from the DOS prompt. That sometimes works. If you type 'cmd' in the run command on the start menu you can do this. Or, boot up to a command prompt and delete it. I have had files in the past that would not delete, and this has worked fine for me. |
   
Dave
Supporter Username: Dave
Post Number: 10541 Registered: 4-1997

| Posted on Sunday, August 20, 2006 - 4:17 pm: |
|
All files are temporary. For Chuck Norris. |
   
Mayor McCheese
Supporter Username: Mayor_mccheese
Post Number: 2136 Registered: 7-2004

| Posted on Sunday, August 20, 2006 - 4:34 pm: |
|
I suppose that a roundhouse kick would also take care of that file. |
   
Carlos Norris™
Citizen Username: Katracho
Post Number: 335 Registered: 11-2002

| Posted on Sunday, August 20, 2006 - 4:51 pm: |
|
McCheese: I tried going down to the DOS prompt, from within regular mode and safe mode. No luck. PS I am not Chuck Norris, so, I don't know how to do a roundhouse kick. I am sure that would have taken care of the file. I am, however, his long lost Latin nephew. |
   
Mayor McCheese
Supporter Username: Mayor_mccheese
Post Number: 2137 Registered: 7-2004

| Posted on Sunday, August 20, 2006 - 8:57 pm: |
|
OK, I have no experience with this, but check out this website. #7 seems to be a solution to your problem. I just don't know how good that program is. |
   
Monster©
Supporter Username: Monster
Post Number: 4552 Registered: 7-2002

| Posted on Sunday, August 20, 2006 - 9:12 pm: |
|
Try using Cleanup; there is a tutorial here. Or maybe the secure delete function of Spybot. |
   
tom
Citizen Username: Tom
Post Number: 5587 Registered: 5-2001
| Posted on Sunday, August 20, 2006 - 10:50 pm: |
|
Have you tried saving over it? Make a blank text file, and "save as" "TYPE_C~1.HTM" in that directory. Then try deleting it. It's worked sometimes for me. |
   
Politicalmon
Citizen Username: Politicalmon
Post Number: 254 Registered: 9-2005

| Posted on Monday, August 21, 2006 - 10:54 am: |
|
Did you look at the file attributes and confirm that it has not been reset to read only? |
   
tom
Citizen Username: Tom
Post Number: 5591 Registered: 5-2001
| Posted on Monday, August 21, 2006 - 5:44 pm: |
|
Another possibility is to just rename it. Sounds trivial, but sometimes it works. |
   
TarPit Coder
Citizen Username: Tarpitcoder
Post Number: 130 Registered: 12-2004

| Posted on Tuesday, August 22, 2006 - 9:41 am: |
|
Try running FDISK from the cmdline on the partition too. If it's your system partition then it will want to reboot. It's worth a shot. The overwrite idea is good. If you're feeling courageous, get a Linux bootable CD, mount the NTFS partition read-write (which is the scary bit) and overwrite it.
|
   
TomD
Citizen Username: Tomd
Post Number: 613 Registered: 5-2005

| Posted on Tuesday, August 22, 2006 - 12:20 pm: |
|
Have you tried just killing the temp directory entirely? You can do it from a DOS prompt with rmdir /s [path]. But you could, if really, really serious, do as Tar Pit mentioned. Get an Ubuntu Live (or some other Live) CD and boot from it, mount your C: drive and kill the file. (It isn't really very scary.) |
   
JMF
Citizen Username: Jmf
Post Number: 275 Registered: 9-2004
| Posted on Tuesday, August 22, 2006 - 2:41 pm: |
|
I have had that problem a few times a long time ago. I think I would usually have to log in as a different admin user to delete the file. |
   
Carlos Norris™
Citizen Username: Katracho
Post Number: 336 Registered: 11-2002

| Posted on Friday, August 25, 2006 - 11:03 pm: |
|
Tarpit, TomD: I won't use such aggressive means as using a bootable Linux disk and modifying my NTFS partition. I had already tried most of the other things suggested here. I haven't tried Monster's suggestions yet. I have been working long hours this week, so, I haven't even powered on that PC to try again. Thanks for all the tips, though. |
   
TomD
Citizen Username: Tomd
Post Number: 629 Registered: 5-2005

| Posted on Saturday, August 26, 2006 - 9:03 am: |
|
Just to clarify... I would not touch the partition. No way. The Linux thing is actually very simple. You just boot an OS (Linux in this case) off a CD and you get access to your C: drive. Then in the Linux file explorer you delete whatever file you want. You just need the Linux live CD. I have found it is a good idea to have one around anyway in case Windows stops booting and you need access to the drives. The other option is a Windows live CD. |
   
Carlos Norris™
Citizen Username: Katracho
Post Number: 338 Registered: 11-2002

| Posted on Saturday, August 26, 2006 - 10:39 am: |
|
Hmm. Sounds like a very doable procedure. I don't have any Linux CDs, though. You know, the file is no big deal. It just drives me nuts when my computer starts doing stuff I don't like and can’t correct. Before you know it, if not kept in check, it would start looking for Sarah Connor. And none of us want that to happen. |
   
Carlos Norris™
Citizen Username: Katracho
Post Number: 361 Registered: 11-2002

| Posted on Sunday, August 27, 2006 - 4:37 pm: |
|
I got it. Embarrassingly, if I may add, I forgot to try one obvious, simple procedure. Idiot!  |