[JcHc3in1]

I have a problem with a near-new computer. Somehow I got a self-replicating spyware or virus that is hidden itself in the Windows Temp folder and keeps growing more files. It has been classified by all my security software as "Adware." I ran my antivirus and spyware programs (BitDefender, SpySweeper and other free spyware/virus programs I have) and nothing seems to get rid of it. CCleaner can't delete these files either. I think that either BitDefender or SpySweeper tried to quarantine the suspect virus or spyware and was unable to. If I right-click on any of these files and click "delete" I get "Can't read from source file or disk." Every time I have tried to re-run the scans, the files have duplicated themselves. At this point I am up to about 1,000 files and over 200MB. They are all in the C:WindowsTemp folder so I think I can safely delete them. Does anybody know a program or utility I can use to force delete these files? Please let me know. Thank you for your help!

[smax013]

JcHc3in1 said:

I have a problem with a near-new computer. Somehow I got a self-replicating spyware or virus that is hidden itself in the Windows Temp folder and keeps growing more files. It has been classified by all my security software as "Adware." I ran my antivirus and spyware programs (BitDefender, SpySweeper and other free spyware/virus programs I have) and nothing seems to get rid of it. CCleaner can't delete these files either. I think that either BitDefender or SpySweeper tried to quarantine the suspect virus or spyware and was unable to. If I right-click on any of these files and click "delete" I get "Can't read from source file or disk." Every time I have tried to re-run the scans, the files have duplicated themselves. At this point I am up to about 1,000 files and over 200MB. They are all in the C:WindowsTemp folder so I think I can safely delete them. Does anybody know a program or utility I can use to force delete these files? Please let me know. Thank you for your help!

Have you tried running the scans/removals in Safe Mode? If you don't know how to boot in to Safe Mode, then this "[d-1093]" document should help.

[JcHc3in1]

Actually, I haven't booted in Safe Mode. I'll have to try that. Would still like to know of any force delete programs or utilities as a fall back option. Anybody?

[mphenterprises]

As Smax stated, Safe Mode is the more viable option. Some applications may not work within Safe Mode but you should be able to run the majority of your applications.

One long shot is temporarily shutting off System Restore. Normally, disabling System Restore would only prevent viruses or spyware that are within the System Volume Information folders. However, that does not mean disabling System Restore wouldn't help. You can temporarily disable System Restore, run your scans, restart your computer, and see if the Temp Files are still there. If they are, you can simply re-enable System Restore.

If you are not sure how to disable System Restore, follow these steps:
- Right Click on My Computer and click on "Properties"
- When that window opens up, click on the "System Restore" tab
- Within this section, you can disable System Restore
- Click OK to close the window

Again, this is a long shot but it will not hurt to try.

[mphenterprises]

Do you mean an application that will force a program to end its process? If that is the case, there is a program called Process Explorer. However, I do not know if these to situations are related.

[smax013]

JcHc3in1 said:

Actually, I haven't booted in Safe Mode. I'll have to try that. Would still like to know of any force delete programs or utilities as a fall back option. Anybody?

To my knowledge, most anti-virus companies tend to recommend booting into Safe Mode when running a scan to remove a virus. I believe some also recommend turning off Restore Points as MPH suggested.

If it is truly a malware or virus, then I don't believe some sort of "force delete" will help much. You might be able to delete the stuff current stuff, but if you don't get rid of the root malware or virus, then it will be a moot point as more stuff will appear.

The reason Safe Mode is suggested is that you are loading less things into memory and it is potentially easier to root out the virus/malware.

[JcHc3in1]

No, I mean force DELETE, as in delete a file that won't normally let you delete. These temp files are corrupted and won't let me delete them. See my original post.

[smax013]

JcHc3in1 said:

No, I mean force DELETE, as in delete a file that won't normally let you delete. These temp files are corrupted and won't let me delete them. See my original post.

Trying to delete them in Safe Mode might help.

[mphenterprises]

Okay. In that case, you do not need a program, per se. You can do a "ShiftDelete" key function. You should be able to highlight a group of files and then click Shift Delete to permanently delete these files.

Before doing that, I would still try the first two options.

[smax013]

mphenterprises said:

Okay. In that case, you do not need a program, per se. You can do a "ShiftDelete" key function. You should be able to highlight a group of files and then click Shift Delete to permanently delete these files.

Before doing that, I would still try the first two options.

Rather if you do the Shift+Delete...do it in after booting into the Safe Mode.

[SpiritWind]

Hi JcHc :

Knowing the SPECIFIC Name of your Operating System, most likely either Win XP or Vista, MAY help in recommending POSSIBLE "Removal Tools" .
IF the various "Temporary Files" categories of the FREE "ATF Cleaner", developed by antiSPYWARE Expert "ATribune", available from www.atribune.org/content/view/19/2/ can NOT "Delete" "Them", I suspect you have a serious Malware problem . In that case, I recommend you try the FREE
"RogueRemover" from www.malwarebytes.org/rogueremover.php . IF that fails to "resolve" the problem, would recommend you seek help from experienced, trained, certified, Volunteer Malware Fighters, such as the ones on the Support Forums at "SpyWare BeWare" ( unless Malware Fighter "TeMerc" shows up here ) .

[TeMerc]

This sounds to me as tho there is something on the system, which you cannot see, regenerating those files in the temp folder, a very common practice with malware.

I suggest you download HijackThis! setup from here:

downloads.malwareremoval.com/HJTsetup.exe

Save the file to your desktop.

Double-click the HijackThis! SetUp icon to begin the installation. Follow the prompts for the default install location of:'C:Program FilesHijackThis'. Tick the 'Create a desktop' button when the option appears. Select next, then allow HijackThis! to start.

Then press the ]Scan button. You will notice the Scan button will turn into a ]Save Log button. Click the ]Save Log button and notepad will open up with the contents of the scan. Right-click in the saved log, and select 'copy'. Then proceed to your original thread, unless otherwise instructed and click the '[Reply]' button and paste the saved contents to be reviewed. Do not make any modifications to the log or perform any 'fixes' until told to do so.

Also please be sure to perform only the instructions I have posted and nothing more. Instructions are given in a specific order in many cases and attempts at steps which you may think are helpful, may not be.

[JcHc3in1]

Thank you smax013 and mphenterprises for helping me out and so quickly yesterday. I booted in Safe Mode and tried to run my scanners. Webroot Spy Sweeper had a specific setting for Safe Mode and didn't find anything. BitDefender couldn't run at all because its "Virus Shield" (startup function for real-time protection) wouldn't boot up since Safe Mode won't allow anything in the tray. But I was able to run a few other scanners as well and nothing was found. I looked up the files again and was able to delete them all. I then rebooted my computer and re-ran every scan, again with nothing being found. I ran CCleaner and Disk Cleanup and then Defragged the sucker. It appears everything is working fine now. Of course I'll let you know if that changes. I sure hope this is the end of my problems.

SpiritWind and TeMarc, thank you for your efforts but it doesn't look like my problems run that deep. Thank God. I have 2 different rootkit and malware scanners I run weekly and I ran them again yesterday and they didn't find anything.

[mphenterprises]

With Pleasure. :-) If you run into any other problems, please post and let us know.

[smax013]

Glad to help. B-)

[tiger82]

You can delete anyfile using a freeware application

called MoveOnBoot 1.95

http://download.soft...TEM/moveonb.msi

Select any file and then reboot and it will be deleted

Cheers

[dragon69]

many anti virus program makers also produce a live disk that you can down load and burn to a disk so if safe mode does not work then try this



here is a link to a small comparison of 13 live disk ( i will put two links and one or both should work and should be to the same page)

http://www.raymond.c...st-rescue-disk/

<a href="http://www.raymond.cc/blog/archives/2008/12/11/13-antivirus-rescue-cds-software-compared-in-search-for-the-best-rescue-disk/" >13 Antivirus Rescue CDs Software Compared in Search For the Best Rescue Disk</a>



good luck and take care

chuck

their is also a unlocker program but i have not tried it yet ( no need yet)

http://ccollomb.free.fr/unlocker/