Someone once referred me to a software application similar to killbox that deletes undeltable files I think via dos, but not sure, Does anyone know the name of this software ?? I don't think it was DelinvFile either. I think it started with a V (but not vundo fix)
January 20th, 2008, 05:10 PM
The site is down at the moment, but have a look at DiamondCS
I think they have a delete on reboot tool?
Edit: it is called "DelLater"
January 20th, 2008, 09:36 PM
I thought that m$ had a tool that will delete a file that is in use upon reboot. It was in the resource kit or support tools? I had to use it to get rid of a corrupt user profile that wouldn't allow me to delete it due to it being in use.
The name escapes me at the moment and scrolling through the list of tools doesn't make it pop out at me. I'm pretty sure it was Windows 2000 Server that I as having problems with at the time...
I suppose you could always boot to some WinPE or *nix boot CD, mount the file system and delete it there?
He is talking about a product that can be found at http://ccollomb.free.fr/unlocker/ It never used to work for me but its probably better now. It basically kills what ever process has the file open then deletes it. Cool concept
January 21st, 2008, 04:19 PM
Thanks very much for your help everyone, but none of these programs are working. I tried killbox, DelinvFile, GiPo@MoveOnBoot, delreb (which wouldn't run and gave me a script error), and unlocker1.8.5, but none can help me get rid of this file called mdelk.exe which has actually replicated itself into the killbox folder so now it exists twice and cannot be deleted.
I took a screen shot of my problem, and trust me I have tried everything in my power to get rid of this so far. Only 2 programs actually identify it, but cannot get rid of it. My spy Sweeper from webroot didn't spot it at all. Only spyware doctor and xoftspy.
Basically it's a Email-Worm.Bagle or W32.Beagle.dp
It tells me that I am infected here
Infection - HKEY_USERS\S-1-5-21-4244836623-3323935454-545560717-1007\Software\Microsoft\Windows\CurrentVersion\Run, german.exe
So in closing I need an extreme measure here to try and delete that file mdelk.exe Can anyone help ?
January 21st, 2008, 04:30 PM
The easy solution: Backup and reinstall.
The worthwhile solution: Where exactly is the virus supposedly located? When you try to delete it from there, is that when you get the "file is in use" error?
Probably stupid question, but have you tried deleting it in Safe Mode?
Also try using BartPE to boot into the box, so if you can delete it that way...
January 21st, 2008, 04:46 PM
no I have not tried safe mode yet because I figured it wouldn't let me in anyways because this virus is a tough one it seems to not let me run spybot at all and it doesn't let me install certain applications such as bit defender or Sophos etc etc. I will look into BartPE right now though. The virus which I think to be the virus is located in windows\system32 folder (mdelk.exe) and yes I get the following message"cannot delete mdelk:cannot read from the source file or disk" so it doesn't actually say file is in use...
So again I appreciate your efforts. I'll try to boot in safe mode and see if that helps any...
January 21st, 2008, 04:59 PM
it won't let me boot up in safe mode it keeps resetting itself