Cant delete file named rescache.hit when uninstalling?

I had a problem yesterday when Wiondows told me Avast was not running. Uniinstalled, used aswclear from safemode. A directory on root of c:/ was left, entitled “avast! sandbox” with multiple directories. Could not get folder/ file to delete even from safe mode. Traced the problem to one file called “rescache.hit”. All google searches suggest this is some kind of virus but thought Id come here for answers. Have reinstalled but dont get why it wont go away, even when using Admin account.

What is it? Why does it not delete, even with ‘aswclear’ tool? Can this be addressed?

screenshot shows directory and file name structure on root of C:

are you able to upload it to www.virustotal.com ?

run a quick scan with Malwarebytes and see what it say

if anything is found post the scan log here

I am sure I can upload it, but I was first wanting to find out if it is part of Avast!7. Also, besides for format/reinstall; how can I delete it? It acts like its one of those locked files that Windows relies on. Also, Im sure it must be pure coincidence but my CPU fan stopped working… well, not the fan but the controller for it. Very strange but Imma blame it on coincidence.

I dont want to go to anyone other than Avast for this answer. No offense… I just have developed a trusted faith with Avast.

BTW... what is this site you recommend AND why isnt it an Avast site?
you upload suspicious file(s) and test it with 40+ malware scanners to see if it is malware

eksample here
https://www.virustotal.com/file/c9850e4697f49d198906d28e393a3973a3db6c58a41fa7cd1a2e6f1e7aabc86f/analysis/

Isnt Avast!7 desiugned to handle it as well? Why recommend something that isnt my product choice
No security program have 100% detection and Malwarebytes is one of the best removal tools if you check the Evangelist signatures here you see everyone is using it as an extra scanner

I did it but again, Im really an Avast only person usually. Anyhow, the scanner had some sort of iussue and gave me an “Oops!” pop-up then just got stuck in scanning.

Back to the subject… is this an Avast7! file or not? If no then I think I need to submit it to Avast for deeper analysis (where is the link on how to upload to Avast server, if anyone can re-point me there). The only things I can find on it suggest it belongs to a Beta RC releaase of Windows yet Im running FULL version of W7 Pro(64).

can this be it

http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/a636c4ce-40c8-4d0a-9d05-052740fea750/

Most everyone is using opensource software such as Linux and FF, but Iv already posted about *nux builds being exploited more than Win servers last year. Im not looking for debate but I do appreciate your suggestions.

BTW… here are a couple of links on files with the same names:

http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/a636c4ce-40c8-4d0a-9d05-052740fea750/
http://f.virscan.org/ResCache.hit.html

I dont think so. If it is, it doesnt make sense its in the directory it is. Nor am I running RC version(s) of anything. If they left it in the final release then fine, but again, it doesnt match where it would be.

While we are discussing what it is and where it comes from… how can I delete it without DL the virus called fileunlocker.

and the virscan link you posted show zero hit for malware

http://r.virscan.org/f0c18ccf0d324165e6ca534f52e794cd
http://r.virscan.org/886050185c969f2c1bc0e42580853e09

Plenty of folks swear by Android and *nux but its become obvious they ARE NOT as secure as made out to be. Iv posted about *nux builds being exploited more than Windows servers last year already. Not to mention Avast makes an security suite for Android because Avast recognises, at least with Android, its been taken advatage of by an illicit element.

But Im not looking for debate, just say’n.

Okay… why cant I delete it? Why is not NOT in the usual spot it should be as per the socialnet MS link? As you stated, no scanner is perfect and if its some unknown; which I still doubt, then maybe its a new method not being considered.

TO BE CLEAR… I dont really think its a virus (but I could be wrong).

Either way, its in a directory entitled Avast! Sandbox. Used all tools present to get rid of the directory and file… none worked. This should be addressed, not debated wther its a virus or not. Not to mention, if it was and was ‘clever’ enough; Im sure someone could be redirecting my upload or even the page Im trying to upload to.

Lets focus on the question “Is this an Avast file; or should I submit it to Avast from another PC?”

BTW… here is a notepad look at the file:

Okay... why cant I delete it? Why is not NOT in the usual spot it should be as per the socialnet MS link? As you stated, no scanner is perfect and if its some unknown; which I still doubt, then maybe its a new method not being considered.

TO BE CLEAR… I dont really think its a virus (but I could be wrong).


so why not test at virustotal and see ?

It is a legitimate folder, I have one on windows 7

Removal of the folder can have an adverse affect on your system

This IS NOT the same file… and its in a directory created apparently by Avast (yours is in Windows directory; which Im sure I have one there as well but this one is a directory entitled Avast! Sanbox). So your example DOES NOT equeal the problem in this instance. I appreciate your contribution though.

not tested it a virustotal yet ?

I know a tool that may be able to delete it…if thats what you want

I have used a tool called fileunlocker before but Avast, after three or so scans FINALLY identified something inside it… if thats the tool you refer to

Ya know, I cant help but discuss how ‘flamed’ Im begining to feel… but we all forget to read all the posts at one time or another… so for now, Ill let it be.

I have used a tool called fileunlocker before but Avast, after three or so scans FINALLY identified something inside it... if thats the tool you refer to
Nope

Isnt there a way to ‘unloack’ the file WITHOUT downloading software that somebody I dont know created. Not to be all ‘paranoid’ but this is my 60+ year old ma’s PC and it would be unacceptable to end up with some trojan or something.

Whats the file, and where can it be DL from? What information can be provided on its maker/developer?

Back to the topic. Why is Avast creating this directory and fileset? Why does the Avast aswclear not remove it or why is it NOT removed during uninstallation?

Iv submitted a support ticket on this but it seems that only the first paragraph was read and the rest assumed. They did not address the problem at all… which is getting to be a pattern. I am going to attempt to phone YoGi about it, but that gets even worse for Americna English comprehension… not trying to sound offensive, just a fact.

if you tested the file at virustotal (there is noting to download) you browse to the file and scan it
you then get a result malware not malware…at the bottom of the result is a more info button that may give the info you want (if there is a sigcheck it may tell you where the file came from)

the program i suggested in my first post Malwarebytes ( very trustworthy ) is the first tool all the pro malware removers start with
it has a extra tool inside called FileASSASSIN you browse to the file and click kill…kabom…it is gone

Pondus…

I appreciate your help in trying to just delte the file, but what needs addressed is what created it (it seems Avast did but ???). Also, what needs to be addressed is why the aswclear tool DID NOT clean it up when ran in safe mode. If Avast is creating this file and its directory tree then when uninsatlled; it SHOULD be cleaned up… right? If regular uninstalltion isnt doing it, then the tool Avast says to use to do the rest SHOULD clean it up… right?

Lets stay on focus. Youve given great software to go and DL… I appreciate that.

The help Im looking for is more of an explanation of how and why this is being created… and then why its unable to be cleaned up thru Avast recommended methods (if in fact Avast is creating it). This is a problem that needs more than just non-Avast methods to fix it.