Hi there I have a small problem that I hope you wise people can help me out with.
I got sent a file that contained the following Trojans: PWSteal.Trojan(ibm00001.dll), Trojan.AleMod(oleext32.dll), Trojan.Startpage(paytime.exe), AdwareDollarRevenue(toolbar.exe), Downloader.Trojan(tool3.exe), Trojan.Desktophijack.B(oleext.dll).
I think that I have removed these using a few antivirus and antispyware programs, but have 2 (I hope) files that I just cannot remove without them reappearing.
1 - Wininit.ini with the following text.
[Rename]
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\VQRFE.GLV=C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS.BAK
The actual file being renamed changes every time I delete this file.
2 - Hosts.bak, size 354kb, dated 21/11/2005 15:07, marked as read only and hidden.
If I try to do anything with this file at all I keep getting an Access Denied error, and if I delete it with cyberscrub it just reappears.
There is a good tool to fix these troubles for you, by the name of Hostfix. Go to Jay Loden’s site to download it, here: http://www.jayloden.com/hostfix.htm
Thanks for the quick reply. The thing is, there is nothing wrong with the actual Hosts file; mine is regularly updated with downloads from http://www.mvps.org. It is the Hosts.bak file that is the problem: it is undeletable, and is a different size to the Hosts file.
Usage Information:
Download this file, extract it, and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X).
It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.
I guess the words “hopefully your file will be gone” are relevant.
I have tried delete on reboot, replace on reboot, and standard file kill, all to no avail. It just won’t go; even trying to put it into Avast Chest didn’t want to know. Keep getting access denied whatever I try to do.
Probably this is a process running, and that is why you cannot touch it (just like a swap file). You could try to rename it fully. Give it another name and extension, just like lousy.txt for instance, and save. Then try to delete, or you get replacer from the net; if you have Win2xxx or XP that should do the trick. Get it from here: http://www3.telus.net/_/replacer/ and then try to kill this process. Else you might consider putting up an HJT log to be analyzed.
Hi guys,
you are the best. I used replacer, which renamed it and also changed the permissions for it, making it “available” for deleting with cyberscrub, and now it is gone.
woo hoo
When it was deleting, an odd file popped up, 1 meg in size, so do you think it may have been an AD file?
Well, you are welcome, glad you could put that behind you then.
Secure your comp well, as you can read about here on this forum.
I am glad the malware fighter won this time,