#1
  1. Moderator Emeritus
    Devshed Supreme Being (6500+ posts)

    Join Date
    Feb 2002
    Location
    Austin, TX
    Posts
    7,188
    Rep Power
    2265

    deleting virus files


    My XP Pro box has caught a virus that I'm unable to delete via cmd line or via win explorer.

    How can I change the permissions on the file so that I can delete it?

    I also tried to remove it via Norton antivirus' wipe file feature, to no avail.

    Any suggestions?
    DrGroove, Devshed Moderator | New to Devshed? Read the User Guide | Connect with me on LinkedIn
  2. #2
  3. Moderator Emeritus
    Devshed Supreme Being (6500+ posts)

    Join Date
    Feb 2002
    Location
    Austin, TX
    Posts
    7,188
    Rep Power
    2265
    nevermind - got 'em. Just rebooted & it let me delete them.

    Now I just have to figure out how to get task manager to start working again... :\ darn XP!
    DrGroove, Devshed Moderator | New to Devshed? Read the User Guide | Connect with me on LinkedIn
  4. #3
  5. Perl Monkey
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    May 2003
    Location
    the far end of town where the Grickle-grass grows
    Posts
    1,860
    Rep Power
    109
    I actually talked a guy through something that sounds a lot like that a few days ago. Google around for "RPC DCOM exploit" or something like that. Whoever popped into his system dropped off a couple of files that look like "msconfig" but had numbers at the end. He found them with "Startup.CPL" since the real msconfig wasn't working along with task manager. Boot into safe mode with them not running and delete, remove from startup, and I think that's about all he did. Be sure to visit windows update and get a few security updates. There's a few specifically for the RPC hole.

    Hope it helps.
  6. #4
  7. Moderator Emeritus
    Devshed Supreme Being (6500+ posts)

    Join Date
    Feb 2002
    Location
    Austin, TX
    Posts
    7,188
    Rep Power
    2265
    Originally posted by icrf
    I actually talked a guy through something that sounds a lot like that a few days ago. Google around for "RPC DCOM exploit" or something like that. Whoever popped into his system dropped off a couple of files that look like "msconfig" but had numbers at the end. He found them with "Startup.CPL" since the real msconfig wasn't working along with task manager. Boot into safe mode with them not running and delete, remove from startup, and I think that's about all he did. Be sure to visit windows update and get a few security updates. There's a few specifically for the RPC hole.

    Hope it helps.
    '

    That does help, thank you!
    DrGroove, Devshed Moderator | New to Devshed? Read the User Guide | Connect with me on LinkedIn

IMN logo majestic logo threadwatch logo seochat tools logo