Hi malware fighters,
Whenever DEL and Shift-DEL fail, one is left more or less empty-handed;
Reluctant file : Admin 1 – 0.
Which tools are left to help us with removing the file at hand?
A file that could have been the cause a hard disk was full
or prevented a servicepack to install?
Files can get locked by certain processes,
so a file cannot be moved or deleted by another process,
even if that process is run by an admin.
It is a pity that in many cases it is unknown what process keeps what file hostage
and even when we know that,
we haven’t got a guarantee it can be either moved or deleted.
Posponed action
When you want to move or delete these files,
there are some Sysinternals-tools that can aid in that process.
MoveFile can run a postponed action at system restart
like moving or deleting.
Well we need to restart - that is true.
But while the action is performed directly upon restarting it will be executed,
and the chance of the file being locked before an admin can react is small.
MoveFile uses the MoveFileEx API for this purpose: http://msdn.microsoft.com/en-us/library/aa365239(VS.85).aspx
that comes in Windows by default and that puts an action in a row for Session Manager.
Commandline
PendMoves is the second program to use here.
With it open MoveFile-actions can be shown.
Both programs come together and belong together,
and therefore can be downloaded as one download via TechNet-website:
http://technet.microsoft.com/nl-nl/sysinternals/bb897556(en-us).aspx
MoveFile and PendMoves are both commandline-tools.
With movefile and a following filename together with the new location,
a file is being replaced.
Through Movefile with giving in twice a “” you leave the new location empty
to change the move into a delete.
Via PendMoves scheduled actions can be demanded,
pol