Cannot delete malicious file

  • Thread starter: Bill B

Bill B

Windows Defender has found a "Backdoor:Win32 Agent" but when I ask to have it
removed I receive error '0x80501001', couldn't complete the action
successfully. I have located the file on my external hard drive and have
tried to delete it manually (using right click from the mouse). Apparently
the file is successfully deleted but when I go back into the folder it has
re-appeared. Can anyone help me get rid of this file?
 
Bill said:
Windows Defender has found a "Backdoor:Win32 Agent" but when I ask to have it
removed I receive error '0x80501001', couldn't complete the action
successfully. I have located the file on my external hard drive and have
tried to delete it manually (using right click from the mouse). Apparently
the file is successfully deleted but when I go back into the folder it has
re-appeared. Can anyone help me get rid of this file?

Boot into safe mode and try again.

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Xubuntu 7.10) Linux 2.6.24.4
^ ^ 19:16:01 up 11 days 27 min 1 user load average: 1.29 1.12 1.09
? ? (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa/
 
Bill said:
Windows Defender has found a "Backdoor:Win32 Agent" but when I ask to have it
removed I receive error '0x80501001', couldn't complete the action
successfully. I have located the file on my external hard drive and have
tried to delete it manually (using right click from the mouse). Apparently
the file is successfully deleted but when I go back into the folder it has
re-appeared. Can anyone help me get rid of this file?

BTW, seems that the virus has been activated and locked the EXE.... I
hope not. Boot into safe mode and scan that file again.

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Xubuntu 7.10) Linux 2.6.24.4
^ ^ 19:25:01 up 11 days 36 min 1 user load average: 1.01 1.08 1.08
? ? (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa/
 
I've tried again in Safe Mode but unfortunately the problem is still there.
Any other suggestions would be welcome
 
Bill said:
I've tried again in Safe Mode but unfortunately the problem is still
there. Any other suggestions would be welcome

You have something that is respawning. Go through these general malware
removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. You will
generally be asked to:

1. Download and execute HiJack This! (HJT) -
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word
wrap"

3. Download/run Deckard's System Scanner -
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post at the
forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech;
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke
 
Malke,
Many thanks for your help. I eventually managed to remove the file by using
the 'File ASSASSIN' function in Malwarebytes' Anti-Malware software. I'll
certainly refer to your suggestions again should I ever get caught again.
Cheers
Bill B (Brit in France)
 
Bill said:
Malke,
Many thanks for your help. I eventually managed to remove the file by
using the 'File ASSASSIN' function in Malwarebytes' Anti-Malware software.
I'll certainly refer to your suggestions again should I ever get caught
again. Cheers

Glad to hear you got things sorted. Yes, the Malwarebytes programs are my
new Best Friends. ;-)

Thanks for taking the time to let me know you're OK now.

Malke
 