Got a file I can't delete

By jdclyde ·
System is a Dell optiplex 160L running WinXpProSP2.

One of the boys was gaming and got tricked into downloading and running a hack.

Now there is a file called new.exe in the "my documents" folder.

I cannot delete it because it says it is in use. Same if I try to rename or move it.

I booted to a Knoppix live CD and tried to delete the file, but it would not allow me to delete it. No reason was given.

Don't see anything in the list of processes that looks out of place.

Any ideas, other than the format route? I am going to end up doing that, but would like to figure out how to kill this first.


This is my home system, I have full admin rights, as well as full physical access.


Thanks,

jd

All Answers

This may help

by Jacky Howe In reply to Got a file I can't delete

I haven't tried it but it may work.

http://www.snapfiles.com/get/removereboot.html

<nearly forgot>

If the file reappears again, check its creation date to ensure it is being recreated; if you can't make it budge, you may have trouble with spyware or a virus on your system. In this case you should get a good spyware removal program to scan your system.

If Cookies

by Jacky Howe In reply to This may help

suggestion doesn't work, try this.

From another PC, download and install these two programs and copy the installed folders to a USB stick.

Restart the PC in Safe Mode, turn off System Restore and run Sophos. When you have completed the 4 steps, run Spybot.

Download Sophos and the latest IDE files. Install it and extract the IDE files to the SAV32CLI folder. I normally create batch files for the 4 runs.
E.g. Sav1.bat

cd\SAV32CLI

SAV32CLI -P=C:\SCANLOG.TXT

http://www.sophos.com/support/knowledgebase/article/13251.html

Download Spybot - Search & Destroy 1.5.2 and install it. Update it. http://www.safer-networking.org/en/download/index.html

Take note of anything that can't be removed and check this link.

http://forum.worldstart.com/showthread.php?t=43513

If everything is OK and you think that you are clean, re-enable System Restore.

<Format>

The timestamp is a few months old

by jdclyde In reply to This may help

and have never been able to remove it in the first place.

Will give your link a shot (but probably not until tomorrow night).

Thanks.

jd

It could be this

by Jacky Howe In reply to The timestamp is a few mo ...

if it is, Sophos should remove it.

new.exe (beagle.eg worm) - Details
If the new.exe process is running on your computer, your PC may be infected with a variant of the beagle.eg worm.

new.exe is considered to be a security risk, not only because antivirus programs flag beagle.eg worm as a virus, but also because a number of users have complained about its performance.

beagle.eg worm is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of new.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information to websites.

Minimal risk

by jdclyde In reply to It could be this

As there is nothing on this system of concern.

I AM going to wipe and reload, but as said earlier, I never like to pass up a chance to learn something new.

I will run the Sophos and see what I can find. Will report back, probably Thursday night.

Thanks Blue!

This is the one

by Jacky Howe In reply to Minimal risk

area of IT that gives me the irrits. I hate viruses. I can get them cleaned off the system but I always have a lingering doubt about their presence. You can run an AV program and it will come up clean, then run another AV and it will find something else. I like to get the system as clean as possible before backing up data, and then it's Darik's Boot and Nuke. It is so bloody time consuming, but I won't copy data until I am sure that it is not infected. Did I mention that I hate viruses? :)

Removeboot got it

by jdclyde In reply to This may help

thanks.

will wipe and reload this weekend.


B-)

You are now :)

by Jacky Howe In reply to This may help

a fully qualified tester. :)
I will add that to my Toolbox. :)

Turn off system restore, run Ad-Aware 2007 and Spybot S&D

by ComputerCookie In reply to Got a file I can't delete

in Safe Mode. 99.9% sure it's a virus, haven't seen new.exe for years.

If there are any files that can't be deleted, boot to command line safe mode and do it that way.

Had the same problem with a virus the other day and Spybot couldn't delete it.

Jeff

Tried spy/av/rootkit scans in safemode

by jdclyde In reply to Turn off system restore, ...

and never found anything. Spent a few days when this first happened a few months back and found nothing.

Thought I was clean until I just happened upon that file the other day.


I think it is either a rootkit or a keylogger, because he got it from someone in a game, and they are notorious for getting your password and then cleaning out your characters. I saw it happen because I was sitting next to him and reached over and unplugged the system, so it might not have finished the install.
