Removing malicious folder... Help?


catz

After a deinstall of Inboxcop, I was left with a folder which I cannot
delete as it reports "directory is not empty". If I run this folder it
brings up a pop-up which asks "Format drive C Y/N"; naturally I don't
respond Yes!

How did this folder get there and, more importantly, how can I delete it?
I have tried renaming and moving but I still can't get rid of it.
Any help appreciated, thanks...
 
1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (personal free version)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt202.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point
10) Please report back your results

Dave






| After a deinstall of Inboxcop, I was left with a folder which I cannot
| delete as it reports "directory is not empty". If I run this folder it
| brings up a pop-up which asks "Format drive C Y/N"; naturally I don't
| respond Yes!
|
| How did this folder get there and, more importantly, how can I delete it?
| I have tried renaming and moving but I still can't get rid of it.
| Any help appreciated, thanks...
 
************* REPLY SEPARATER *************
This can usually be accomplished with the Command prompt. If one of the files
is in use by the operating system (as in the case of some viruses), you will
not be able to delete it. In that case you must run it in safe mode.

At the Command Prompt, change the directory to the problem one. Use the command
<dir /a>, which will show all files. <del *.*> will delete all files in that
directory. NT/2000/XP systems support <del *.* /s>, which will delete files in
sub directories as well. If <dir /a> still shows files, they are protected
files. Use <attrib -h -s -r> to get rid of any problem attributes and repeat
the delete command. Change back to the parent directory with <cd..>. Unless
there are sub-directories present, <rd directory_name> will remove the
directory in question. Again, NT/2000/XP supports <rd directory_name /s> to
remove empty sub-directories as well.

In the command mode, deleting files is permanent. There is no Recycle Bin.
Also, be aware that deleting files that are used by the operating system can
cause serious problems. For example, deleting ZoneAlarm files without properly
uninstalling them will block all Internet access on Win 9x.

J.A. Coutts
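
The command sequence from the reply above, collected into one cmd.exe batch file. This is an added example, not part of the original post; `TARGET` is a placeholder path, and the `/s` switches assume an NT/2000/XP command prompt as the reply notes.

```batch
@echo off
rem Added example, not from the thread. TARGET is a placeholder (assumption):
rem set it to the folder you actually want to remove and double-check it,
rem because nothing deleted here goes to the Recycle Bin.
setlocal
set "TARGET=C:\path\to\problem_folder"

if not exist "%TARGET%\" (
    echo Not found: %TARGET%
    exit /b 1
)

rem 1. Show everything in the folder, including hidden and system entries,
rem    so you can see what is about to be deleted.
dir /a "%TARGET%"

rem 2. Clear the read-only, hidden and system attributes on files in all
rem    sub-directories (/s) and on the directories themselves (/d).
attrib -r -h -s "%TARGET%\*.*" /s /d

rem 3. Delete the files, recursing into sub-directories, without prompting.
del /s /q "%TARGET%\*.*"

rem 4. Remove the directory tree. Note that rd /s also deletes any files
rem    still left inside the tree, so the path must be correct.
rd /s /q "%TARGET%"

rem 5. Confirm the result. If the folder survives, a file is probably in
rem    use (retry from Safe Mode) or the file system itself is reporting
rem    errors, in which case deleting harder will not help.
if exist "%TARGET%\" (
    echo Still present: %TARGET%
    exit /b 2
)
echo Removed: %TARGET%
endlocal
```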
 
Thanks Dave I have tried as you advised but the suspect file/ folder still
is not removed.
Trend reports, "An error was detected on C:\ Documents andsettings\xxx\
Desktop\getrid of this\xxx\suspect folder\*.* ": Data error (cyclic
redundancy check).

Note xxx is my personal info and "get rid of this" and suspect folder are
my renames. The suspect folder is the one in question which I have moved to
the desktop.

Opening "get rid of this" produces "suspect folder" which when opened
produces "Format C Yes/ No"

So I don't know what next...

regards...
 
It doesn't sound to me like you have a virus at all - it sounds like you
have a disk going bad maybe. Did you try running a 'chkdsk' (or
scandisk, depending on your OS) on the volume in question? (for WinXP,
start run chkdsk c:)

BACK UP ALL YOUR CRITICAL DATA (to somewhere other than that disk)
before you try that though, because if the disk is on the way out you
might lose it (ditto if you really do have some malware) during the OS's
attempts to repair the problem..

CRC error means that the file in question failed its checksum (or since
you can't remove it, the problem may be upstream in the directory
structure, FAT, or whatever .. knowing which OS and which filesystem
would be helpful).
 