How Do I Find & Delete Archive Files Manually?


12 replies to this topic

#1 willogee

willogee

    Newbie

  • Members
  • 5 posts

Posted 24 November 2007 - 01:42 PM

Hi, I'm a newbie, and the result of a virus scan shows 2 infections that are "unresolved". An extract of the log is as follows:

Remaining issues:
Object Name    Threat Name    Final Status
C:\Documents and Settings\Ang\Local Settings\Temp\BIT58.tmp=>archstored:ac8zt2/edi.exe Trojan.Agent.BHO.N Delete Failed (file was in an archive)
C:\Documents and Settings\Ang\Local Settings\Temporary Internet Files\Content.IE5\TBJMH6I1\VideoAccessCodecInstall[1].exe=>(NSIS o)=>lzma_solid_nsis0003 Trojan.Downloader.Zlob.ABBK Delete Failed (file was in an archive)

In the support page on unresolved issues it says that archive files need to be deleted manually. My question is how do I do this? How do you find them? I've tried Windows Explorer and also using command prompt but seem unable to get to them.

Thanks
Will

#2 Niels

Niels

    BitDefender Evangelist

  • Regular Bitdefender Poster
  • 3,353 posts
  • Gender:Male
  • Location:Belgium
  • Interests: watching horror movies, PC and security, mountain biking

Posted 24 November 2007 - 01:51 PM

Dear willogee

In this case the archives are located in a hidden folder. To solve that, click on Start, My Computer, go to the Tools menu, Folder Options, Display (View), check "Show hidden files and folders" and press on Apply. Now you have to navigate further to Documents and Settings, Ang; now you will see the folder Local Settings, Temp.
You need to close your internet browser first.

Best regards
Niels

#3 willogee

Posted 24 November 2007 - 03:17 PM

Niels

Thanks for the prompt response.

Yes, I did this (show hidden folders) and this enabled me to get to the "Temp" directory and delete that one OK, but I cannot find the other directory "Temporary Internet Files".

Any further suggestions very welcome.

Thanks
Will

#4 Niels

Posted 24 November 2007 - 05:12 PM

Dear willogee

Uncheck "Hide protected operating system files" and press on Apply and OK. You will also find that option in the same menu where you enabled "Show hidden files and folders".

Best regards
Niels

#5 willogee

Posted 24 November 2007 - 08:01 PM

Niels

Yes, that's allowed me to find and delete the files.

Many thanks!
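
The object names in the log extract above list the file that exists on disk first, followed by the members nested inside it, which is why Explorer never shows edi.exe or lzma_solid_nsis0003 as separate files. An added example (not part of the original posts and not BitDefender code): a Python parser for these "Delete Failed (file was in an archive)" lines that extracts the container to delete and the Explorer setting the replies say is needed to see it. The function names, the hint table and the assumption that threat names contain no spaces are this example's own.

```python
import re
from typing import NamedTuple

# The scanner joins nesting levels with "=>"; some posts here render it as "=]".
SEP = re.compile(r"=(?:>|\])")
STATUS = "Delete Failed (file was in an archive)"
# Folder -> Explorer setting the thread's replies say is needed to see it.
HINTS = (
    ("\\temporary internet files\\", "unhide protected operating system files"),
    ("\\local settings\\", "show hidden files and folders"),
    ("\\application data\\", "show hidden files and folders"),
)

class Finding(NamedTuple):
    container: str   # the file that exists on disk and can be deleted
    members: list    # levels nested inside it; not separate files on disk
    threat: str
    hint: str

def parse_issue(line):
    """Parse one 'Remaining issues' line: <object> <threat> <final status>."""
    line = line.strip()
    if not line.endswith(STATUS):
        raise ValueError("not an archive delete failure: %r" % line)
    body = line[: -len(STATUS)].rstrip()
    # Assumption: threat names contain no spaces, so the last token is the threat.
    obj, _, threat = body.rpartition(" ")
    levels = [p.strip() for p in SEP.split(obj)]
    if not levels[0]:
        raise ValueError("no object name: %r" % line)
    low = levels[0].lower()
    hint = next((h for key, h in HINTS if key in low), "none")
    return Finding(levels[0], levels[1:], threat, hint)

def containers_to_delete(lines):
    """Unique on-disk container paths, in first-seen order."""
    seen = {}
    for line in lines:
        path = parse_issue(line).container
        seen.setdefault(path.lower(), path)
    return list(seen.values())

# Lines from the first post of this thread, one per separator rendering.
SAMPLE = [
    r"C:\Documents and Settings\Ang\Local Settings\Temp\BIT58.tmp=]archstored:ac8zt2/edi.exe Trojan.Agent.BHO.N Delete Failed (file was in an archive)",
    r"C:\Documents and Settings\Ang\Local Settings\Temporary Internet Files\Content.IE5\TBJMH6I1\VideoAccessCodecInstall[1].exe=>(NSIS o)=>lzma_solid_nsis0003 Trojan.Downloader.Zlob.ABBK Delete Failed (file was in an archive)",
]
if __name__ == "__main__":
    for f in map(parse_issue, SAMPLE):
        print(f.container, "|", f.members, "|", f.threat, "|", f.hint)
```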

#6 Fida

Fida

    Poster

  • Regular Bitdefender Poster
  • 52 posts

Posted 01 December 2007 - 11:56 AM

Hello there, I have been trying to delete a file in my Archive but wasn't able to locate it. After I read your advice here (thanks a lot) I finally found it, but unfortunately I couldn't delete it. What should I do to delete it, because this file was detected by my scan as a virus?

Edited by Fida, 01 December 2007 - 11:57 AM.


#7 Niels

Posted 01 December 2007 - 02:54 PM

Dear Fida

Can you please post the exact location where BitDefender found the infection? To obtain that information in the 2008 products, do this: double-click on the red BitDefender icon near the system clock, click on History, and post the result of the realtime events where infections were found and also of the latest finished scan, by double-clicking on it and posting the location. For earlier products you have to click on General Events; for the rest it's the same.

Best regards
Niels

#8 thomasG

thomasG

    Newbie

  • Members
  • 1 posts

Posted 24 January 2008 - 11:36 PM

Hi, I have done a full system scan and it's found the following trojan but won't delete it.


" Trojan.Agent.Delf.FQ "


The path is as follows

<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEACCESS\DisplayName=>C:\WINDOWS\SYSTEM32\ROUTING.EXE Trojan.Agent.Delf.FQ

Can you tell me how I can manually delete it?


thanks

kind regards

thomas

#9 Niels

Posted 25 January 2008 - 11:02 AM

Dear thomasG,

Did BitDefender remove or quarantine routing.exe in the system32 folder? Reboot your PC into safe mode; you can do this by pressing the F8 button several times before the Windows loading screen, then select safe mode, press Enter and log in with your account. Go to Start, Run, type regedit and press Enter. Expand HKEY_LOCAL_MACHINE (by clicking on the + icon) and open the following folder and subfolders: system, currentcontrolset, services, remote access. Now take a look at the right side of the screen: you will see an entry called DisplayName; you may only find 1. If 2 are present, you may only delete the one that has C:\WINDOWS\SYSTEM32\ROUTING.EXE as value. If there is only 1, edit it by double-clicking on it and changing C:\WINDOWS\SYSTEM32\ROUTING.EXE to Routing and Remote Access.
You may exit regedit afterwards.

Best regards
Niels

#10 JLWS

JLWS

    Newbie

  • Members
  • 3 posts

Posted 26 January 2008 - 12:58 PM

Hello,

After reading all the above posts, I am wondering if I should follow the same way to remove the spyware "Trojan.Agent.Delf.FQ" as thomasG. The report is as follows:


//-----------------------------------------------------------------
//
// Product: BitDefender 9 Professional Plus
// Version: 9.5
//
// Created on: 26/01/2008 14:02:37
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
Folders : 12402
Files : 564393
Archives : 8739
Packed files : 30889
Identified viruses : 0
Infected files : 0
Warnings : 0
Suspect files : 5
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 1
Renamed files : 0
I/O errors : 45
Scan time : 04:37:30
Scan speed (files/sec) : 33

Spyware Statistics

Memory processes scanned : 57
Memory processes infected : 0
Registry keys scanned : 333
Registry keys infected : 0
Cookies scanned : 183
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 972318
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1201327357.log

Spyware scan options

[X] Memory Processes
[X] Registry keys
[X] Cookies


Summary:

<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEACCESS\DisplayName=>C:\WINDOWS\SYSTEM32\ROUTING.EXE Suspect: Trojan.Agent.Delf.FQ
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEACCESS\DisplayName=>C:\WINDOWS\SYSTEM32\ROUTING.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEACCESS\DisplayName=>C:\WINDOWS\SYSTEM32\ROUTING.EXE Move failed
<System>=>C:\WINDOWS\system32\routing.exe (memory dump) Suspect: Trojan.Agent.Delf.FQ
<System>=>C:\WINDOWS\system32\routing.exe (memory dump) Disinfection failed
<System>=>C:\WINDOWS\system32\routing.exe (memory dump) Move failed
<System>=>C:\WINDOWS\system32\routing.exe (disk) Suspect: Trojan.Agent.Delf.FQ
<System>=>C:\WINDOWS\system32\routing.exe (disk) Disinfection failed
<System>=>C:\WINDOWS\system32\routing.exe (disk) Move failed
<System>=>C:\WINDOWS\system32\routing.exe (full dump) Suspect: Trojan.Agent.Delf.FQ
<System>=>C:\WINDOWS\system32\routing.exe (full dump) Disinfection failed
<System>=>C:\WINDOWS\system32\routing.exe (full dump) Move failed
C:\WINDOWS\system32\routing.exe Suspect: Trojan.Agent.Delf.FQ
C:\WINDOWS\system32\routing.exe Disinfection failed
C:\WINDOWS\system32\routing.exe Moved

I tried to remove this virus via BitDefender but it won't move it to quarantine nor disinfect the files. I tried using Ad-aware 2007 to remove it but it did not even detect the trojan. So should I follow the steps above? I am sure that the trojan is in the system even though BitDefender says it suspects only. Thx.

Kind regards
Joseph

Edited by JLWS, 26 January 2008 - 12:59 PM.


#11 stardj

stardj

    Newbie

  • Members
  • 1 posts

Posted 27 January 2008 - 12:18 AM

I have almost the exact messages as JLWS. I would like to know if I should do the same thing as him as well for the file ALG.exe. The full message is:
<System>=>C:\Windows\alg.exe (disk) Infected:Behaveslike.Win32.fileinfector
<System>=>C:\Windows\alg.exe (disk) Disinfection failed
<System>=>C:\Windows\alg.exe (disk) moved failed

Please help, thanks.

#12 erindenae

erindenae

    Newbie

  • Members
  • 1 posts

Posted 11 June 2008 - 06:38 PM

I am getting a similar message from bitdefender. Can someone please help me?


C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13D47326.de1=>(Quarantine-2)=>[Subject: Re:][Date: Mon, 09 May 2005 01:00:38 UTC]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif Win32.Sober.O@mm Delete Failed (file was in an archive)
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13D47326.de0=>(Quarantine-2)=>[Subject: FwD: Re:][Date: Sun, 08 May 2005 21:52:42 UTC]=>(MIME part)=>our_secret.zip Win32.Sober.P@mm Delete Failed (file was in an archive)
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13D47326.de3=>(Quarantine-2)=>[Subject: FwD: Re:][Date: Mon, 09 May 2005 22:12:09 UTC]=>(MIME part)=>our_secret.zip Win32.Sober.P@mm Delete Failed (file was in an archive)




#13 Niels

Posted 12 June 2008 - 11:04 AM

Hello erindenae,

Can you please do the following?

Click on Start, My Computer, Documents and Settings, All Users. Now go to the Tools menu, Folder Options, View (Display), select "Show hidden files and folders" and press on Apply and OK. Now you will see a folder called Application Data; navigate further to Symantec\Norton AntiVirus\Quarantine and delete the content.

Best regards
Niels




