Persistent file - won't erase


Ed Cregger

AVG Free Anti-Virus is telling me that my computer is
infected with the following file: Update_0801_KB281717.exe.

I've tried to "heal" this file and I've tried to
"quarantine" this file via AVG's anti-virus. No go. I've
tried to delete it from Windows via My Computer. Nope.
Access denied. I've even tried to get rid of it via DOS.
Nada. Again, access denied. I have administrator's rights
and I've turned off all remote permissions.

Any ideas?

I've even wondered if I just have a bad loading of the AVG
program.

TIA


Ed Cregger
 
Ed Cregger said:
AVG Free Anti-Virus is telling me that my computer is infected with
the following file: Update_0801_KB281717.exe.

I've tried to "heal" this file and I've tried to "quarantine" this
file via AVG's anti-virus. No go. I've tried to delete it from Windows
via My Computer. Nope. Access denied. I've even tried to get rid of it
via DOS. Nada. Again, access denied. I have administrator's rights and
I've turned off all remote permissions.

Any ideas?

I've even wondered if I just have a bad loading of the AVG program.

Have you found this file on your machine?
If you have, open it with Wordpad, and have a look through
it to see if you can find any text.
You might learn something about it.
AVG sometimes finds false positives.
 
Ed Cregger said:
AVG Free Anti-Virus is telling me that my computer is infected with the
following file: Update_0801_KB281717.exe.

I've tried to "heal" this file and I've tried to "quarantine" this file
via AVG's anti-virus. No go. I've tried to delete it from Windows via My
Computer. Nope. Access denied. I've even tried to get rid of it via DOS.
Nada. Again, access denied. I have administrator's rights and I've turned
off all remote permissions.

Any ideas?

I've even wondered if I just have a bad loading of the AVG program.

TIA


Ed Cregger

Download the iso for puppy linux, use nero to burn it to CDR, data,
multisession. Boot that, then use pmount to "mount" your hard drive. Then
use the explorer utility in puppy to access the hard drive. Only danger in
doing this is that you might find a windoze alternative, and like it.
:) -Dave
 
Ed said:
AVG Free Anti-Virus is telling me that my computer is
infected with the following file: Update_0801_KB281717.exe.

I've tried to "heal" this file and I've tried to
"quarantine" this file via AVG's anti-virus. No go. I've
tried to delete it from Windows via My Computer. Nope.
Access denied. I've even tried to get rid of it via DOS.
Nada. Again, access denied. I have administrator's rights
and I've turned off all remote permissions.

Any ideas?

I've even wondered if I just have a bad loading of the AVG
program.

TIA


Ed Cregger

When you went to the Microsoft site, were you able to find
a KB281717 ? I'm not getting a match on that number. And I
looked a few places.

It would help, if AVG would give you the "common name" for
the infection, as then you could look elsewhere for a fix.
Something like "trojan.downloader.nilage" or whatever. The
AV companies usually come up with pet names for them.

My Linux CDs here, only mount NTFS read-only. There is at least
one NTFS project, that offers read/write access. As far as I know,
NTFS is not fully documented, which is why efforts to support it,
may not be perfect. FAT32 support is much more common in Linux
distros.

And even if you do manage to mount the disk read/write, and are
ready to delete the file in question, it is possible that even
Linux will respect the permissions on the file. I don't know
if there is enough documentation on NTFS, to figure out why.

Good luck with your extermination efforts.

Paul
 
Paul said:
When you went to the Microsoft site, were you able to find
a KB281717 ? I'm not getting a match on that number. And I
looked a few places.

It would help, if AVG would give you the "common name" for
the infection, as then you could look elsewhere for a fix.
Something like "trojan.downloader.nilage" or whatever. The
AV companies usually come up with pet names for them.

My Linux CDs here, only mount NTFS read-only. There is at least
one NTFS project, that offers read/write access. As far as I know,
NTFS is not fully documented, which is why efforts to support it,
may not be perfect. FAT32 support is much more common in Linux
distros.

And even if you do manage to mount the disk read/write, and are
ready to delete the file in question, it is possible that even
Linux will respect the permissions on the file. I don't know
if there is enough documentation on NTFS, to figure out why.

Good luck with your extermination efforts.

Paul

-------------


Thanks, Paul and everyone else that replied. Much appreciated.

Every time I try to even read the file with another viewer (yes, I have
found the file on my C: drive), I get access denied, regardless of the
program I am using to view it. Even the online virus detectors suggested by
some are not able to look at it, delete it, copy it or anything you can
think of that one can normally do.

A year or two ago, I caught some malware residing in the MBR and managed to
replace the existing MBR. Unfortunately, I no longer remember how to do that
procedure, nor do I have the intellectual capacity these days to figure it
out again (bad health). I guess I'll just have to live with it.

Thanks to all for trying to help.

Ed Cregger
 
Kill it under safe mode or, second alternative, kill it on reboot with
HiJackThis.
Make sure however that this file isn't used by the system. For example, some
protection software hides its modules in stealth mode to protect them from
attacks. The name of the exe is randomly chosen at every Windows session.
I guess that your attempts under DOS were from a DOS session under XP.
Correct?
Boot on a true DOS formatted diskette instead. If your disk file system is
NTFS, no way unfortunately for you with DOS.

Keep us informed.
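
Added example, not part of any post in this thread: one way to do the "kill it on reboot" step by hand, using the Windows MoveFileEx API to queue the file for deletion at the next boot and then confirming the entry was recorded. The folder in `$Target` is a placeholder (the thread gives only the file name), and the function names are hypothetical.

```powershell
# Placeholder path: the thread gives the file name but not its folder.
$Target = 'C:\path\to\Update_0801_KB281717.exe'
$SessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

# P/Invoke wrapper for kernel32!MoveFileEx. The destination is declared as
# IntPtr so a true NULL can be passed (PowerShell turns $null into "").
Add-Type -Namespace Win32 -Name FileOps -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string existing, IntPtr replacement, uint flags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

# Hypothetical helper: list queued boot-time operations that mention $Name.
function Get-PendingOperation([string]$Name) {
    # Operations queued for the next boot are stored in this REG_MULTI_SZ value.
    $p = Get-ItemProperty -Path $SessionManager `
        -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if ($p) {
        $p.PendingFileRenameOperations | Where-Object { $_ -like "*$Name*" }
    }
}

# Hypothetical helper: queue $Path for deletion at the next boot.
function Register-DeleteOnReboot([string]$Path) {
    # A NULL destination with DELAY_UNTIL_REBOOT means "delete"; the queue is
    # processed by the Session Manager early in the next boot.
    $ok = [Win32.FileOps]::MoveFileEx($Path, [IntPtr]::Zero,
                                      $MOVEFILE_DELAY_UNTIL_REBOOT)
    if (-not $ok) {
        $code = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw (New-Object System.ComponentModel.Win32Exception $code)
    }
}

# Run from an elevated prompt, and only after confirming the file is not a
# legitimate module of installed protection software.
Register-DeleteOnReboot -Path $Target
Get-PendingOperation -Name (Split-Path $Target -Leaf)
```

If the file comes back after the reboot, something else on the system is recreating it, and that component has to be found and removed as well.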
 
Ed Cregger said:
Every time I try to even read the file with another viewer (yes, I have found
the file on my C: drive), I get access denied, regardless of the program I am
using to view it. Even the online virus detectors suggested by some are not
able to look at it, delete it, copy it or anything you can think of that one
can normally do.

A year or two ago, I caught some malware residing in the MBR and managed to
replace the existing MBR. Unfortunately, I no longer remember how to do that
procedure, nor do I have the intellectual capacity these days to figure it out
again (bad health). I guess I'll just have to live with it.

Please, do NOT just "live with it"!!! There are many other ways to work to
eliminate it:

Boot in Safe Mode, find and delete it.

Boot from the Win CD, go to the Recovery Console, find and delete it.

Boot from a Live Linux CD, Bart PE, or other diagnostic CD, find and delete
it.

Run chkdsk /mbr from the Win CD or Safe Mode.
 
in message
Please, do NOT just "live with it"!!! There are many
other ways to work to eliminate it:

Boot in Safe Mode, find and delete it.

Boot from the Win CD, go to the Recovery Console, find
and delete it.

Boot from a Live Linux CD, Bart PE, or other diagnostic
CD, find and delete it.

Run chkdsk /mbr from the Win CD or Safe Mode.
 
I loaded Spyware Doctor plus Anti-Virus from PC Tools. It worked. I am
impressed.

Thanks to everyone for your suggestions. You're a great bunch of folks.


Ed Cregger
 
Doh!

The damned thing just popped back into existence. I'll run
the program again and see if the latest updates helped
anything.


Ed Cregger
 