Infection by test.exe, how to delete a file [FIXED]

Insection · Post by **Insection** » 08 Jan 2009, 20:37

OK guys.

I have a .exe on my desktop, when i try to delete it, i get the error message saying this file is being used by another process.

I go to task manager and end nearly all the processes, except the system ones where you cant end.

It still wont let me delete the file, same error message.

I check my startup files and all are normal

I tried overwriting the file, renaming it..... It still chooses not to get deleted

I scanned the .exe its not a virus apparently....

Post by **DNR** » 08 Jan 2009, 20:50

Go into safemode and try again. Shutting down the system and doing a limited boot might prevent the app from having any processes hooked.

You might have to even boot to C:\ and follow your directory
C:\Documents and Settings\username\Desktop\xxxxx.exe
to DEL it

DNR

Still_Learning · Post by **Still_Learning** » 08 Jan 2009, 20:52

try going to run, then typing msconfig, then checking to see if there is a problem there, make sure the virus, malware or whatever is not starting every time your PC does, or browser goes

Post by **ph0bYx** » 09 Jan 2009, 05:09

I know what you mean. Every second .exe file that I download from the net (not a virus), usually a setup, won't delete even after restart.
I found GiPo-FileUtilities very good at this with very useful options.

Post by **floodhound2** » 09 Jan 2009, 07:30

Do as DNR suggested or at least tell us the name of the file. You can also do an msconfig and reboot. Then deleting the file.

- Its just a program that is being ran as you are trying to delete it. Windows needs you to clear it out of ram before it can be deleted off the hard drive.

Post by **DNR** » 09 Jan 2009, 09:35

Instead of malware, I find a lot of applications put out in beta stages or just poorly written. This means I have an application that might be badly coded enough that is hooks on to windows processes and leaves them in a loop. You might have also cancelled the install while it was in the process. The same thing happens - some process is left hanging or waiting, or has an unexpected error and just hangs. The program never actually shuts down, so you can't delete something that is using a windows process.

It could be malware, but you haven't given us the exe file name.
Replace Taskman with process explorer.

DNR

uid0 · Post by **uid0** » 09 Jan 2009, 12:10

Just an extra note since everyone has covered the other possibilities,

if indeed its malware, not always it can't be deleted because it is hooked on a process, sometimes they're just placed in the file system with the +S flag in which case a simple attrib -s file.exe from the command line will be enough for you to delete it.

Insection · Post by **Insection** » 10 Jan 2009, 20:30

Here i hosted the file

http://rapidshare.com/files/181945273/test.exe.html

or

http://www.megaupload.com/?d=CUXSGSAD

Please dont be foolish enough to open it.....

I dont know what you can make of the file but if someone could analyze it, it might help...

uid0 · Post by **uid0** » 10 Jan 2009, 21:04

well, things like jotti and virustotal didn't report anything about the file

tried to run it using wine and all I have was a message saying bad exe format, of course that could be just a wine incapacity to run the file, is the first time I see that message in particular using wine but who knows =/

Post by **DNR** » 10 Jan 2009, 21:20

ok, I assume problem #1 was fixed, the file (what ever it is) was deleted from the desktop as needed.

As far as finding out about the code, anything labled test.exe could be anything, so no bother, just delete it.

DNR

Insection · Post by **Insection** » 10 Jan 2009, 21:20

I cant do system restore anymore?

The file also somehow disables system restore in a way.. lol im screwed for sure...

I tried shredding the file and same error message...

Post by **DNR** » 10 Jan 2009, 21:22

sigh, so you ran the program and your problem is more than just removing a file on your desktop. Changing your subject title to reflect your true issue

DNR

Insection · Post by **Insection** » 10 Jan 2009, 21:32

Holy shit... this sonofabitch will not get deleted..

Im really pissed right now..... Im one of those blokes that keep their desktop tidy and neat....

Shit..... a stupid 2kb code doesnt get fucked.... I tried overwriting it, shredding it, a load of other stuff and no progress..

There is probably a simple solution, but i cant seem to find out.

Post by **DNR** » 10 Jan 2009, 21:45

I told you to shutdown and boot to C:\ or at least safe mode
Have you done that yet?

Have you installed process explorer yet?

DNR

Insection · Post by **Insection** » 10 Jan 2009, 21:52

ok thats a starting point...

lemme do it and tell you what happens