«

Tappy Lappy wrote:
> "Trax" <> wrote in message
> news:...
>
>>"Tappy Lappy" <Tappy > wrote:
>>
>>|>> |>Thanks Willy, tried it but still no use. The file is not locked, its
>>|>> just
>>|>> |>that it doesn't appear to
>>|>> |>exist, yet the icon shows up on the desktop, and also in DOS.
>>|>>
>>|>> Then in DOS type in: DIR /X within the same dir as your file, this
>>|>> will give you it's 8.3 file name - delete the file using that file
>>|>> name, (ie: avg70f~1.exe)
>>
>>|>> --
>>|>If by a 8.3 file name you mean one with the ~, it does not have one (Pls
>>see
>>|>my reply to
>>|>Brian).
>>|>The folder which contains it, ie utilities, does have a file name in
>>this
>>|>format "UTILIT~1" but
>>|>when I try to delete the folder I get the message *******\prime.exe
>>cannot
>>|>be found.
>>|>AAAAAAAARRRRRGGGGHHHHH
>>
>>I use a program called CMFILER for problems like this, I can't find a
>>download of it without registration. It's a Norton Commander type
>>program. Used to be my Explorer under DOS.
>>
>>It does run under XP and below.
>>
>>It's an option, I know it will delete your file.
>>
>>--
>>
>>Third world bomb squad
>>http://67.50.205.164/images/firearms...dBombSquad.wmv
>
>
> Thanks for everything, I will try to find it and give it a go.
>
>

You are running in an "administrator" account aren't you?

OK - here's my .02. Sorry for top-posting - this is one of many methods (so
far) so give it a try too.

To delete an "undeletable" file



Sometimes, in winxp, when you try to delete a file you will get a window
that pops up to tell you that the file is in use by another application and
can't be deleted or renamed or moved or anything else. Here's the way to
delete the file.



Open a command prompt and leave it open. Click Start, Run, and enter
TASKMGR.EXE. (or press ctrl, alt, and delete so the task manager opens.)
Go to the processes tab and end process on explorer.exe. Leave the task
manager open and go back to the command prompt window. Change to the
directory where the undeletable file is located. At the command prompt,
type DEL <filename>. Note <filename> is the name of the file you're trying
to delete. You can check for the file by typing DIR/P at the command
prompt. After its deleted, type exit at the command prompt. Go back to the
task manager and click file, new task. Enter explorer.exe to restart the
GUI shell. Close the task manager.



This seems to be a little complicated, but when all else fails. . . . . .


Tappy Lappy wrote:
> <Harrison> wrote in message
> news:...
>> On Tue, 30 Aug 2005 08:48:32 +0000 (UTC), "Tappy Lappy" <Tappy
>> > wrote:
>>
>>> I am trying to delete a file, prime.exe, and although it shows on
>>> the desktop and is found when using the search facility I get the
>>> message "Cannot delete prime.exe. Cannot find the specified file".
>>> I am using XP home edition, is there any way to get rid of it?
>>> TIA
>>
>> Reboot to safe mode into the Administrator's account and delete from
>> there.
> Hi, thanks for the advice. I have just tried and it comes up with the
> same error message.

"Tappy Lappy" <Tappy > wrote in message
news:df16gv$co2$...
>I am trying to delete a file, prime.exe, and although it shows on the
>desktop and is found when using the search facility I get the message
>"Cannot delete prime.exe. Cannot find the specified file".
> I am using XP home edition, is there any way to get rid of it?
> TIA
>


Use the command prompt and end the Explorer process.

Use the \\?\ , this will turn off some checking of illegal names.

del /a /f "\\?\c:\path\*prime*"

--
Jimmy

On Tue, 30 Aug 2005 11:47:12 +0000 (UTC), "Tappy Lappy" <Tappy
> wrote:

>
><Harrison> wrote in message
>news:.. .
>> On Tue, 30 Aug 2005 08:48:32 +0000 (UTC), "Tappy Lappy" <Tappy
>> > wrote:
>>
>>>I am trying to delete a file, prime.exe, and although it shows on the
>>>desktop and is found when using the search facility I get the message
>>>"Cannot delete prime.exe. Cannot find the specified file".
>>>I am using XP home edition, is there any way to get rid of it?
>>>TIA
>>
>> Reboot to safe mode into the Administrator's account and delete from
>> there.
>Hi, thanks for the advice. I have just tried and it comes up with the same
>error message.
>

I'm sorry I didn't recognize and realize what this was earlier.
If this is what I think it is, it's the latest variant of Aurora/A Better
Internet/Nail.
This version hijacks the shell, so Safe Mode, Command Prompt, etc. cannot
remove it, as long as you're running them from the hijacked system.
You'll need to boot the system to an external OS, or temporarily install it
in another system to remove the file(s).
Furthermore, each time the system is shut down, a new, randomly generated
hijacker is stubbed into the registry to get you on the next restart.
It's the nastiest spyware I've come across.

I used Super WinPE, a CD bootable version of Windows XP to remove it, but
any external DOS or other OS which can edit NTFS will suffice.
http://www.stv.ee/~butax/winpe.htm

The trick is to edit the hijack out of the registry, shut down, delete the
file(s), then reboot and check the registry again.
The hijacker is appended to the following key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\"Shell"="Explorer.exe"

Hi Tappy - If Jimmy's approach doesn't work, then the following is from my
Blog, Defending Your Machine, addy in my Signature below. Delete Invalid
File is probably what you need.


"Sometimes the tools below will find files which they are unable to delete
because they are in use.

A program called Copylock, here, http://noeld.com/programs.asp?cat=misc can
aid in the process of "replacing, moving, renaming or deleting one or many
files which are currently in use (e.g. system files like comctl32.dll, or
virus/trojan files.)"

Another is Killbox, here: http://www.downloads.subratam.org/KillBox.zip

A third which is a bit different but often very useful is Delete Invalid
File, here: http://www.purgeie.com/delinv.htm which handles invalid/UNC
file/folder name deleting, rather than the in use problem.

A fourth useful program is Unlocker, here:
..http://ccollomb.free.fr/unlocker/ " Simply right click the folder or file
and select Unlocker. If the folder or file is locked, a window listing of
lockers will appear. Simply select the lockers and click Unlock and you are
done!" Works as advertised and is particularly helpful in identifying
malware components which are 'protecting' each other."


--
Regards, Jim Byrd, MS-MVP
My Blog, Defending Your Machine, here:
http://defendingyourmachine.blogspot.com/

"Tappy Lappy" <Tappy > wrote in message
news:df2cqi$bb7$
> "Trax" <> wrote in message
> news:...
>> "Tappy Lappy" <Tappy > wrote:
>>
>>>>>>> Thanks Willy, tried it but still no use. The file is not
>>>>>>> locked, its just that it doesn't appear to
>>>>>>> exist, yet the icon shows up on the desktop, and also in DOS.
>>>>>
>>>>> Then in DOS type in: DIR /X within the same dir as your file, this
>>>>> will give you it's 8.3 file name - delete the file using that file
>>>>> name, (ie: avg70f~1.exe)
>>
>>>>> --
>>>> If by a 8.3 file name you mean one with the ~, it does not have
>>>> one (Pls see my reply to
>>>> Brian).
>>>> The folder which contains it, ie utilities, does have a file name
>>>> in this format "UTILIT~1" but
>>>> when I try to delete the folder I get the message
>>>> *******\prime.exe cannot be found.
>>>> AAAAAAAARRRRRGGGGHHHHH
>>
>> I use a program called CMFILER for problems like this, I can't find a
>> download of it without registration. It's a Norton Commander type
>> program. Used to be my Explorer under DOS.
>>
>> It does run under XP and below.
>>
>> It's an option, I know it will delete your file.
>>
>> --
>>
>> Third world bomb squad
>> http://67.50.205.164/images/firearms...dBombSquad.wmv
>
> Thanks for everything, I will try to find it and give it a go.

"George" <> wrote in message
newsX4Re.5506$UI.251@okepread05...
> OK - here's my .02. Sorry for top-posting - this is one of many methods
> (so
> far) so give it a try too.
>
> To delete an "undeletable" file
>
>
>
> Sometimes, in winxp, when you try to delete a file you will get a window
> that pops up to tell you that the file is in use by another application
> and
> can't be deleted or renamed or moved or anything else. Here's the way to
> delete the file.
>
>
>
> Open a command prompt and leave it open. Click Start, Run, and enter
> TASKMGR.EXE. (or press ctrl, alt, and delete so the task manager opens.)
> Go to the processes tab and end process on explorer.exe. Leave the task
> manager open and go back to the command prompt window. Change to the
> directory where the undeletable file is located. At the command prompt,
> type DEL <filename>. Note <filename> is the name of the file you're
> trying
> to delete. You can check for the file by typing DIR/P at the command
> prompt. After its deleted, type exit at the command prompt. Go back to
> the
> task manager and click file, new task. Enter explorer.exe to restart the
> GUI shell. Close the task manager.
>
>
>
> This seems to be a little complicated, but when all else fails. . . . . .
>
>
Thanks for the advice, but I have already tried that. I think I may just
have to live with it.
Cheers.

"Rick Merrill" <> wrote in message
news:uKKdnZ2dnZ1quT2VnZ2dnStOid6dnZ2dRVn-...
> Tappy Lappy wrote:
>> "Trax" <> wrote in message
>> news:...
>>
>>>"Tappy Lappy" <Tappy > wrote:
>>>
>>>|>> |>Thanks Willy, tried it but still no use. The file is not locked,
>>>its
>>>|>> just
>>>|>> |>that it doesn't appear to
>>>|>> |>exist, yet the icon shows up on the desktop, and also in DOS.
>>>|>>
>>>|>> Then in DOS type in: DIR /X within the same dir as your file, this
>>>|>> will give you it's 8.3 file name - delete the file using that file
>>>|>> name, (ie: avg70f~1.exe)
>>>
>>>|>> --
>>>|>If by a 8.3 file name you mean one with the ~, it does not have one
>>>(Pls see
>>>|>my reply to
>>>|>Brian).
>>>|>The folder which contains it, ie utilities, does have a file name in
>>>this
>>>|>format "UTILIT~1" but
>>>|>when I try to delete the folder I get the message *******\prime.exe
>>>cannot
>>>|>be found.
>>>|>AAAAAAAARRRRRGGGGHHHHH
>>>
>>>I use a program called CMFILER for problems like this, I can't find a
>>>download of it without registration. It's a Norton Commander type
>>>program. Used to be my Explorer under DOS.
>>>
>>>It does run under XP and below.
>>>
>>>It's an option, I know it will delete your file.
>>>
>>>--
>>>
>>>Third world bomb squad
>>>http://67.50.205.164/images/firearms...dBombSquad.wmv
>>
>>
>> Thanks for everything, I will try to find it and give it a go.
>
> You are running in an "administrator" account aren't you?

Yes, but I have spent a couple of days trying to get rid and am beginning to
think is
it worth it. Might just put up with it. Thanks for your help.

"Jim Byrd" <> wrote in message
news:hpWdnf_BZ-SL14jeRVn-...
> Hi Tappy - If Jimmy's approach doesn't work, then the following is from my
> Blog, Defending Your Machine, addy in my Signature below. Delete Invalid
> File is probably what you need.
>
>
> "Sometimes the tools below will find files which they are unable to delete
> because they are in use.
>
> A program called Copylock, here, http://noeld.com/programs.asp?cat=misc
> can
> aid in the process of "replacing, moving, renaming or deleting one or many
> files which are currently in use (e.g. system files like comctl32.dll, or
> virus/trojan files.)"
>
> Another is Killbox, here: http://www.downloads.subratam.org/KillBox.zip
>
> A third which is a bit different but often very useful is Delete Invalid
> File, here: http://www.purgeie.com/delinv.htm which handles invalid/UNC
> file/folder name deleting, rather than the in use problem.
>
> A fourth useful program is Unlocker, here:
> .http://ccollomb.free.fr/unlocker/ " Simply right click the folder or file
> and select Unlocker. If the folder or file is locked, a window listing of
> lockers will appear. Simply select the lockers and click Unlock and you
> are
> done!" Works as advertised and is particularly helpful in identifying
> malware components which are 'protecting' each other."
>
>
Hi Jim, I have tried killbox and unlocker to no avail. I will try the others
once I get
my notepad problem sorted, so thanks fro replying.

On Wed, 31 Aug 2005 21:00:26 +0000 (UTC), "Tappy Lappy" <Tappy
> wrote:

>
>"Jim Byrd" <> wrote in message
>news:hpWdnf_BZ-SL14jeRVn-...
>> Hi Tappy - If Jimmy's approach doesn't work, then the following is from my
>> Blog, Defending Your Machine, addy in my Signature below. Delete Invalid
>> File is probably what you need.
>>
>>
>> "Sometimes the tools below will find files which they are unable to delete
>> because they are in use.
>>
>> A program called Copylock, here, http://noeld.com/programs.asp?cat=misc
>> can
>> aid in the process of "replacing, moving, renaming or deleting one or many
>> files which are currently in use (e.g. system files like comctl32.dll, or
>> virus/trojan files.)"
>>
>> Another is Killbox, here: http://www.downloads.subratam.org/KillBox.zip
>>
>> A third which is a bit different but often very useful is Delete Invalid
>> File, here: http://www.purgeie.com/delinv.htm which handles invalid/UNC
>> file/folder name deleting, rather than the in use problem.
>>
>> A fourth useful program is Unlocker, here:
>> .http://ccollomb.free.fr/unlocker/ " Simply right click the folder or file
>> and select Unlocker. If the folder or file is locked, a window listing of
>> lockers will appear. Simply select the lockers and click Unlock and you
>> are
>> done!" Works as advertised and is particularly helpful in identifying
>> malware components which are 'protecting' each other."
>>
>>
>Hi Jim, I have tried killbox and unlocker to no avail. I will try the others
>once I get
>my notepad problem sorted, so thanks fro replying.

All symptoms indicated the Aurora variant I described.
It's a bitch to get rid of, but it can be done if you follow the outline I
gave you.

Tappy, To verify what Harrison has said run HJT and post your log.
HijackThis
http://www.pcbutts1.com/downloads/HijackThis.zip

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Tappy Lappy" <Tappy > wrote in message
news:df55pa$4pe$...
>
> "Jim Byrd" <> wrote in message
> news:hpWdnf_BZ-SL14jeRVn-...
>> Hi Tappy - If Jimmy's approach doesn't work, then the following is from
>> my
>> Blog, Defending Your Machine, addy in my Signature below. Delete Invalid
>> File is probably what you need.
>>
>>
>> "Sometimes the tools below will find files which they are unable to
>> delete
>> because they are in use.
>>
>> A program called Copylock, here, http://noeld.com/programs.asp?cat=misc
>> can
>> aid in the process of "replacing, moving, renaming or deleting one or
>> many
>> files which are currently in use (e.g. system files like comctl32.dll, or
>> virus/trojan files.)"
>>
>> Another is Killbox, here: http://www.downloads.subratam.org/KillBox.zip
>>
>> A third which is a bit different but often very useful is Delete Invalid
>> File, here: http://www.purgeie.com/delinv.htm which handles invalid/UNC
>> file/folder name deleting, rather than the in use problem.
>>
>> A fourth useful program is Unlocker, here:
>> .http://ccollomb.free.fr/unlocker/ " Simply right click the folder or
>> file
>> and select Unlocker. If the folder or file is locked, a window listing of
>> lockers will appear. Simply select the lockers and click Unlock and you
>> are
>> done!" Works as advertised and is particularly helpful in identifying
>> malware components which are 'protecting' each other."
>>
>>
> Hi Jim, I have tried killbox and unlocker to no avail. I will try the
> others once I get
> my notepad problem sorted, so thanks fro replying.
>
>