Sorry for the long post.
The system is actually Windows 2003 Server Standard (fully patched and SP'd), but XP is about the same so I used this forum.
I am trying to clear a virus. I can see the .exe file, but when I try and delete it I get "Access Denied".
This usually refers to a file that is being used by a process. I looked at tasklist /m and nothing shows with the file name.
The file and the folder it is in are Hidden and Read Only. I am unable to remove the attributes of either the file or the folder.
I checked permissions on the NTFS drive and I decided to use takeown to make sure the Administrator has ownership. This has not helped.
I have been using the ESET online scanner which successfully finds the file, tells me it has quarantined it, but when I look again it is still there, even after many reboots.
This is the reported line from ESET:-
C:\Documents and Settings\*a users folder*\Application Data\jewsdidit0\zjiujsnjb.exe a variant of Win32/Kryptik.BAJC trojan cleaned by deleting (after the next restart) - quarantined
I tried booting in Safe Mode, Safe with Command Line, Safe with Networking to see if this would unlock the file. No joy.
I can see traffic (using netstat) which should not be there, so I need desperately to solve this problem.
Many thanks in advance for any ideas!
Jenny