
Thread: How Do I delete this file

  1. #1

    How Do I delete this file

    Please take a minute and help me. PC_CILLIN informs me that I have a few files that are Back Orifice Trojan files. I am unable to delete them, and pc_cillin is unable to clean or delete them as well. I have tried going into the registry and modifying their value, and that doesn't work either. Whenever I try and delete the files it says access denied.

    mike m aka greyhairedwolf
    Mike M aka greyhairedwolf
    ----------------------------------------------
    Eight Words The Wiccan Rede Fulfills
    "An it harm none do what you will"
    ----------------------------------------------
    A mind is like a parachute it only works
    WHEN OPEN

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    Go to Moosoft.com and download the cleaner3.exe. It should detect and clean trojans on your computer. It also has realtime protection that monitors to see if a trojan is being installed.
    "A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work."

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    175

    Deleting the Files

    If you're getting the "Access Denied" error, that is probably because the files have registered themselves as services in Windows. Therefore, they are always in use and cannot be deleted while "in" Windows.

    To Delete Them:

    Try restarting in "MS-DOS Mode" and going to the directory they are located in and deleting them in DOS. After you are done deleting them, type "win".

    How to Delete in DOS:

    (Just in case you don't know)

    del "file.ext" (remove the quotes)

    example: del test.txt

    Good Luck, I hope this helps
    Simon Templer

    "Your work is to discover your world and then with all your heart give yourself to it."
    -The Buddha

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    752

    If it's giving you an access denied error, then something probably has that file running. Try booting into safe mode and deleting the file that way. Only critical processes run in safe mode, so you should be able to delete them. If that doesn't work (and it should), boot into DOS and try deleting them.

  5. #5
    Junior Member
    Join Date
    Sep 2001
    Posts
    10

    Well, buddy... First of all you have to see what kind of files are running. See it by pressing Ctrl+Alt+Del. Try to figure out what each one of them does and you will fix the problem.
    This doc can help you... read it and learn your own OS...

    All Known and Unknown Autostarting Methods used for executing files ( like trojans )

    1. Autostart folder
    Everything in here will restart.
    C:\windows\start menu\programs\startup {english}
    This Autostart Directory is saved in
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Startup="C:\windows\start menu\programs\startup"
    'So it could be easily changed by any program.

    2. Win.ini
    [windows]
    load=file.exe
    run=file.exe

    3. System.ini [boot]
    Shell=Explorer.exe trojanfile.exe

    4. c:\windows\winstart.bat
    'Note: behaves like a usual BAT file. Used for copying or deleting specific files. Autostarts every time.

    5. Registry
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]

    6. c:\windows\wininit.ini
    'Often used by setup programs. When the file exists it is run ONCE and then is deleted by Windows.
    Example: (content of wininit.ini)
    [Rename]
    NUL=c:\windows\picture.exe
    'This example sends c:\windows\picture.exe to NUL, which means that it is deleted. This requires no interactivity with the user and runs totally stealth.

    7. Autoexec.bat
    Starts everytime at Dos Level.
    Example:
    Call C:\trojanfile.exe >nul
    Will run trojanfile.exe and redirect any output to nothing,
    so it will run totally stealth

    8. Registry Shell Spawning
    [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"
    [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*"
    [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*"
    [HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] @="\"%1\" %*"
    [HKEY_CLASSES_ROOT\piffile\shell\open\command] @="\"%1\" %*"
    [HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] @="\"%1\" %*"
    [HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] @="\"%1\" %*"
    [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] @="\"%1\" %*"
    [HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] @="\"%1\" %*"
    [HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] @="\"%1\" %*"

    The key should have a value of "%1 %*"; if this is changed to "server.exe %1 %*",
    the server.exe is executed EVERY TIME an exe/pif/com/bat/hta is executed.
    Known as Unknown Starting Method and is currently used by Subseven.

    9. Icq Inet
    [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\test]
    "Path"="test.exe"
    "Startup"="c:\\test"
    "Parameters"=""
    "Enable"="Yes"

    [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\]
    This key includes all the APPS which are executed IF ICQNET Detects an Internet Connection.

    9. Misc Information
    [HKEY_LOCAL_MACHINE\Software\CLASSES\ShellScrap]
    @="Scrap object" "NeverShowExt"=""

    The NeverShowExt key has the function to HIDE the real extension of the file (here) SHS.
    This means if you rename a file as "Girl.jpg.shs" it displays as "Girl.jpg" in all programs
    including Explorer.
    Your registry should be full of NeverShowExt keys; simply delete the key to get the real
    extension to show up.

    10. Dosstart.pif
    Right click on it and go to properties. You can specify a custom autoexec.bat and
    config.sys when the computer is restarted in msdos mode.

    See you...
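
An added example, not part of the original post: a Python sketch that audits three of the autostart locations listed in post #5 (the win.ini `load=`/`run=` lines, the system.ini `Shell=` line, and the `shell\open\command` defaults) from copies of the files and a .reg export. The function names and the sample file contents are constructed for illustration.

```python
import re

EXPECTED_SHELL_CMD = '"%1" %*'  # default shell\open\command value listed in the post

def unquote(value):
    """Strip .reg string quoting and backslash escapes; plain INI values pass through."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = re.sub(r'\\(["\\])', r"\1", value[1:-1])
    return value

def parse_sections(text):
    """Parse INI or .reg export text into {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip().strip('"').lower()] = unquote(value.strip())
    return sections

def audit(win_ini, system_ini, reg_export):
    """Return (location, name, value) tuples for entries that deserve review."""
    findings = []
    windows = parse_sections(win_ini).get("windows", {})
    for key in ("load", "run"):  # item 2: anything listed here starts with Windows
        if windows.get(key):
            findings.append(("win.ini", key, windows[key]))
    shell = parse_sections(system_ini).get("boot", {}).get("shell", "")
    if shell and shell.lower() != "explorer.exe":  # item 3: extra program after the shell
        findings.append(("system.ini", "shell", shell))
    for section, values in parse_sections(reg_export).items():  # item 8
        if section.endswith(r"\shell\open\command"):
            command = values.get("@", EXPECTED_SHELL_CMD)
            if command != EXPECTED_SHELL_CMD:
                findings.append((section, "@", command))
    return findings

# Constructed sample inputs, not taken from a real machine.
WIN_INI = "[windows]\nload=\nrun=file.exe\n"
SYSTEM_INI = "[boot]\nShell=Explorer.exe trojanfile.exe\n"
REG_EXPORT = r'''REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="server.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for finding in audit(WIN_INI, SYSTEM_INI, REG_EXPORT):
        print(finding)
```

A non-empty `load=` or `run=` line is not proof of infection, since legitimate software also uses them; the findings are a list of entries to check by hand.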

  6. #6

    Thank YOU

    Thank you to all who helped me by posting replies to my question. Many of those methods I had tried. The winner of the get those pesky files off of Mikey's Computer goes to Casper. Cleaner 3.0 managed to finally give them their eviction notice. BUT I WANT TO THANK EVERYONE WHO POSTED A REPLY TO HELP ME. I appreciate everyone who took the time to think of a way to give me a hand.

    Mike Marlin aka Greyhairedwolf
    Mike M aka greyhairedwolf
    ----------------------------------------------
    Eight Words The Wiccan Rede Fulfills
    "An it harm none do what you will"
    ----------------------------------------------
    A mind is like a parachute it only works
    WHEN OPEN

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    535

    What you can do is take a backup of all your important files and then format the C drive and reinstall your operating system. This will refresh your registries and also clean all the trojans which might be present on your system.
    If you don't want to do this then go to tauscan; there you can download the trojan scanner and fix your problem.
    intruder.

  8. #8
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Intruder, and what if the important files you're backing up, are infected?

  9. #9
    It doesn't matter if the files you backed up are infected because when you restore they won't be running; they will be "dead" infections.
    Bradley Lamar

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    Once you install the files back on they will become active again.
    "A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work."
