can't delete folder

I can't delete, move, or rename the folder!!!
missing security information

http://s019.radikal.ru/i601/1308/e5/04d6295ddb8a.png

hello

Download here: http://oldtimer.geekstogo.com/OTL.exe

Save OTL to your Desktop.

If you have XP => double-click
If you have Vista or Windows 7 / 8 => right-click “as administrator”

on OTL.exe to launch it.

Click here to configure it : http://www.archive-host.com/files/1897388/ecd939269bcc7cdfed2d2e726c22709a32db3067/OTL.PNG

Copy and paste what follows in bold into the “Customization” (“Personalization”) box at the bottom of OTL:


HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndisuio.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT

Click on “Analyse”

At the end of the scan, Notepad will open with the reports (OTL.txt) and (Extras.txt).

These files are on your Desktop.

Upload both files to cjoint.com (http://cjoint.com) and post the links.

http://cjoint.com/13au/CHmuWBVsw1G.htm
http://cjoint.com/13au/CHmuVEiUCvA.htm

Let’s disinfect…

Download ADWCleaner (direct link: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save it to your Desktop:

Wait for the download confirmation window to appear.

Launch it (for Vista / 7 / 8 => right-click “Run as administrator”).

Click Delete and post C:\AdwCleaner[Sx].txt

scan or delete??
http://cjoint.com/13au/CHmvWWSRTKk.htm

Hi 1997rob,

Follow g3n-h@ckm@n’s instructions, he will help you towards the disinfection.
For the malcode, see: https://www.virustotal.com/nl/url/39549e6884831e98ae995627e72c8322d028c70e1c66bb0118f20965f9872b39/analysis/1376336719/
iFrame malware redirection…http://urlquery.net/report.php?id=4525602

polonus

I clicked delete, and here is this after reboot

AdwCleaner v2.306 - Logfile created 08/12/2013 at 23:53:25

Updated 19/07/2013 by Xplode

Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)

User : ROB - PROBOOK

Boot Mode : Normal

Running from : C:\Users\ROB\Desktop\AdwCleaner.exe

Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mail.Ru
Folder Deleted : C:\ProgramData\Ticno
Folder Deleted : C:\Users\ROB\AppData\Local\APN
Folder Deleted : C:\Users\ROB\AppData\Local\PackageAware
Folder Deleted : C:\Users\ROB\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\ROB\AppData\LocalLow\blekko

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Ticno Multibar
Key Deleted : HKCU\Software\90dfdabc6ebf44
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASMANCS
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Ticno Multibar

***** [Internet Browsers] *****

-\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\ Google Chrome v28.0.1500.95

File : C:\Users\ROB\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2643] : homepage = “hxxp://www.search.ask.com/?l=dis&o=102876cr&gct=hp”,

-\ Opera v12.16.1860.0

File : C:\Users\ROB\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.


AdwCleaner[S1].txt - [5711 octets] - [12/08/2013 23:53:25]

########## EOF - C:\AdwCleaner[S1].txt - [5771 octets] ##########

This was the IDS alert found there on 07-26-2013 → ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
Site gives various errors on test pages → http://evuln.com/tools/malware-scanner/cjoint.com/
Excessive Headers will give out to the world and attackers too much info on webserver and software details so apparent attacks can be sought against these…
Re: https://asafaweb.com/Scan?Url=cjoint.com%2F11ju and see what I mean here: http://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/version_id-26306/Openssl-Openssl-0.9.8.html

polonus

ok do that now : (choose English of course ^^ )

http://translate.google.fr/translate?sl=fr&tl=en&js=n&prev=_t&hl=fr&ie=UTF-8&u=http%3A%2F%2Fsecurity-helpzone.com%2Fgen-hackman%2Ftutos-canneds%2Fmalwarebytes%2F

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
ROB :: PROBOOK [administrator]

Protection: Disabled

8/13/2013 1:55:58 AM
mbam-log-2013-08-13 (01-55-58).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256634
Time elapsed: 1 hour(s), 15 minute(s), 6 second(s) [aborted]

Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) → 2340 → Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\KMService.exe (RiskWare.Tool.CK) → Delete on reboot.
D:\Games\Need For Speed. Hot Pursuit\NFSHP_Activator.exe (RiskWare.Tool.CK) → Quarantined and deleted successfully.

(end)

I can't delete only this folder, not all

hello

I understood, but I preferred to disinfect first :)

Give me the address of the folder you want to delete, then do again what you did with OTL before, with the same settings, and attach the reports with cjoint.com

Folder on my desktop.
I don’t think that this is malware.

I FOUND HOW TO SOLVE THIS PROBLEM: JUST DOWNLOAD UNLOCKER, SHOW THE FOLDER LOCATION, CHOOSE DELETE AND CLICK OK. THAT'S ALL :)

OK, that’s a good thing.

We have to finish disinfecting your computer… I’m waiting for the new OTL reports.

I solved my problem :)
Thanks for helping ;)

CLOSED

If the disinfection is not finished, that is not good. I am telling you that you were infected and that there are certainly still remnants.
Too bad. All the best, and see you soon.

Bye

Hi 1997rob,

g3n-h@ckm@n is right, there are still remainders of executable malware and it is vital for your computer security to cleanse this.
Follow his instructions and continue with the proposed cleansing routine.
The man assisting you is an anti-malware coder, he knows exactly what he does, and so you are in the best of hands during this cleansing routine.

polonus