How Do I Find & Delete Archive Files Manually?

Hi, I'm a newbie, and the result of a virus scan shows 2 infections that are "unresolved". An extract of the log is as follows:


Remaining issues:

Object Name / Threat Name / Final Status


C:\Documents and Settings\Ang\Local Settings\Temp\BIT58.tmp=>archstored:ac8zt2/edi.exe Trojan.Agent.BHO.N Delete Failed (file was in an archive)


C:\Documents and Settings\Ang\Local Settings\Temporary Internet Files\Content.IE5\TBJMH6I1\VideoAccessCodecInstall[1].exe=>(NSIS o)=>lzma_solid_nsis0003 Trojan.Downloader.Zlob.ABBK Delete Failed (file was in an archive)


In the support page on unresolved issues it says that archive files need to be deleted manually. My question is how do I do this? How do you find them? I've tried Windows Explorer and also using the command prompt but seem unable to get to them.


Thanks


Will

Comments

  • Dear willogee


    In this case the archives are located in a hidden folder. To solve that, click on Start, My Computer, go to the Tools menu, Folder Options, Display (View), check "Show hidden files and folders" and click on Apply. Now you have to navigate further to Documents and Settings, Ang; now you will see the folder Local Settings, Temp.


    You need to close your internet browser first.


    Best regards


    Niels

  • Niels


    Thanks for prompt response.


    Yes, I did this (show hidden folders) and this enabled me to get to the "Temp" directory and delete that one OK, but I cannot find the other directory "Temporary Internet Files".


    Any further suggestions very welcome.


    Thanks


    Will

  • Dear willogee


    Uncheck "Hide protected operating system files" and press Apply and OK. You will find that option in the same menu where you enabled "Show hidden files and folders".


    Best regards


    Niels

  • Niels


    Yes, that's allowed me to find and delete the files.


    Many thanks!

  • Fida
    edited December 2007

    Hello there, I have been trying to delete a file in my Archive but wasn't able to locate it. After I read your advice here (thanks a lot) I finally found it, but unfortunately I couldn't delete it. What should I do to delete it, because this file was detected by my scan as a virus?

  • Dear Fida


    Can you please post the exact location where BitDefender found the infection? To obtain that information in the 2008 products, do this: double-click on the red BitDefender icon near the system clock, click on History, and post the result of the real-time events where infections were found and also of the latest finished scan, by double-clicking on it and posting the location. For earlier products you have to click on General events; for the rest it's the same.


    Best regards


    Niels

  • Hi, I have done a full system scan and it's found the following trojan but won't delete it.


    " Trojan.Agent.Delf.FQ "


    The path is as follows


    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEACCESS\DisplayName=>C:\WINDOWS\SYSTEM32\ROUTING.EXE Trojan.Agent.Delf.FQ


    Can you tell me how I can manually delete it?


    thanks


    kind regards


    thomas

  • Dear thomasG,


    Did BitDefender remove or quarantine routing.exe in the system32 folder? Reboot your PC into safe mode: you can do this by pressing the F8 button several times before the Windows loading screen, then select Safe Mode, press Enter and log in with your account. Go to Start, Run, type regedit and press Enter. Expand hkey_local_machine (by clicking on the + icon) and open the following folder and subfolders: system, currentcontrolset, services, remoteaccess. Now take a look at the right side of the screen: you will see an entry called DisplayName. You should only find 1. If 2 are present, you may only delete the one that has C:\WINDOWS\SYSTEM32\ROUTING.EXE as its value. If there is only 1, edit it by double-clicking on it and changing C:\WINDOWS\SYSTEM32\ROUTING.EXE to Routing and Remote Access.


    You may exit regedit afterwards.


    Best regards


    Niels

  • JLWS
    edited January 2008

    Hello,


    After reading all the above posts, I am wondering if I should follow the same way to remove the spyware "Trojan.Agent.Delf.FQ" as thomasG. The report is as follows:


    //-----------------------------------------------------------------
    //
    // Product: BitDefender 9 Professional Plus
    // Version: 9.5
    //
    // Created on: 26/01/2008 14:02:37
    //
    //-----------------------------------------------------------------

    Statistics
    Scan path : C:\
                D:\
                E:\
                F:\
                G:\
    Folders : 12402
    Files : 564393
    Archives : 8739
    Packed files : 30889
    Identified viruses : 0
    Infected files : 0
    Warnings : 0
    Suspect files : 5
    Disinfected files : 0
    Deleted files : 0
    Copied files : 0
    Moved files : 1
    Renamed files : 0
    I/O errors : 45
    Scan time : 04:37:30
    Scan speed (files/sec) : 33

    Spyware Statistics
    Memory processes scanned : 57
    Memory processes infected : 0
    Registry keys scanned : 333
    Registry keys infected : 0
    Cookies scanned : 183
    Cookies infected : 0
    Spyware files infected : 0
    Spyware threats detected : 0
    Virus definitions : 972318
    Scan plugins : 16
    Archive plugins : 41
    Unpack plugins : 7
    Mail plugins : 6
    System plugins : 5

    Scan options
    Detection
    [X] Scan boot sectors
    [X] Scan archives
    [X] Scan packed files
    [X] Scan email
    File mask
    [ ] Programs
    [X] All files
    [ ] User defined extensions:
    [ ] Exclude extensions: ;
    Action
    Infected objects
    [ ] Ignore
    [X] Disinfect
    [ ] Delete
    [ ] Copy to quarantine
    [ ] Move to quarantine
    [ ] Rename
    [ ] Prompt user
    Second action
    [ ] Ignore
    [ ] Delete
    [ ] Copy to quarantine
    [X] Move to quarantine
    [ ] Rename
    [ ] Prompt user
    Scan options
    [X] Enable warnings
    [X] Enable heuristics
    [ ] Show all files in log
    [X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1201327357.log
    Spyware scan options
    [X] Memory Processes
    [X] Registry keys
    [X] Cookies

    Summary:
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEACCESS\DisplayName=>C:\WINDOWS\SYSTEM32\ROUTING.EXE Suspect: Trojan.Agent.Delf.FQ
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEACCESS\DisplayName=>C:\WINDOWS\SYSTEM32\ROUTING.EXE Disinfection failed
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTEACCESS\DisplayName=>C:\WINDOWS\SYSTEM32\ROUTING.EXE Move failed
    <System>=>C:\WINDOWS\system32\routing.exe (memory dump) Suspect: Trojan.Agent.Delf.FQ
    <System>=>C:\WINDOWS\system32\routing.exe (memory dump) Disinfection failed
    <System>=>C:\WINDOWS\system32\routing.exe (memory dump) Move failed
    <System>=>C:\WINDOWS\system32\routing.exe (disk) Suspect: Trojan.Agent.Delf.FQ
    <System>=>C:\WINDOWS\system32\routing.exe (disk) Disinfection failed
    <System>=>C:\WINDOWS\system32\routing.exe (disk) Move failed
    <System>=>C:\WINDOWS\system32\routing.exe (full dump) Suspect: Trojan.Agent.Delf.FQ
    <System>=>C:\WINDOWS\system32\routing.exe (full dump) Disinfection failed
    <System>=>C:\WINDOWS\system32\routing.exe (full dump) Move failed
    C:\WINDOWS\system32\routing.exe Suspect: Trojan.Agent.Delf.FQ
    C:\WINDOWS\system32\routing.exe Disinfection failed
    C:\WINDOWS\system32\routing.exe Moved


    I tried to remove this virus via BitDefender but it won't move it to quarantine nor disinfect the files. I tried using Ad-aware 2007 to remove it but it did not even detect the trojan. So should I follow the steps above? I am sure that the trojan is in the system even though BitDefender says it suspects only. Thx.


    Kind regards


    Joseph

  • I have almost the exact messages as JLWS. I would like to know if I should do the same thing as him as well for the file ALG.exe. The full message is:


    <System>=>C:\Windows\alg.exe (disk) Infected:Behaveslike.Win32.fileinfector


    <System>=>C:\Windows\alg.exe (disk) Disinfection failed


    <System>=>C:\Windows\alg.exe (disk) moved failed


    please help thanks.

  • I am getting a similar message from BitDefender. Can someone please help me?


    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13D47326.de1=>(Quarantine-2)=>[subject: Re:][Date: Mon, 09 May 2005 01:00:38 UTC]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif Win32.Sober.O@mm Delete Failed (file was in an archive)


    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13D47326.de0=>(Quarantine-2)=>[subject: FwD: Re:][Date: Sun, 08 May 2005 21:52:42 UTC]=>(MIME part)=>our_secret.zip Win32.Sober.P@mm Delete Failed (file was in an archive)


    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13D47326.de3=>(Quarantine-2)=>[subject: FwD: Re:][Date: Mon, 09 May 2005 22:12:09 UTC]=>(MIME part)=>our_secret.zip Win32.Sober.P@mm Delete Failed (file was in an archive)

  • Hello erindenae,


    Can you please do the following?


    Click on Start, My Computer, Documents and Settings, All Users. Now go to the Tools menu, Folder Options, View (Display), select "Show hidden files and folders" and press Apply and OK. Now you will see a folder called Application Data; navigate further to Symantec\Norton AntiVirus\Quarantine and delete the content.


    Best regards


    Niels
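
The "Delete Failed (file was in an archive)" rows quoted in this thread all name an on-disk container file followed by the levels nested inside it, and it is the container that has to be found and deleted by hand. The following is an added example, not part of the original thread and not BitDefender code: it splits such rows and reports which Folder Options change the replies above give for reaching each file. The function names and the row pattern are assumptions based only on the rows posted here.

```python
import re
from typing import List, NamedTuple, Optional

# "=>" separates nesting levels; it can also show up rendered as "=]".
LEVEL_SEP = re.compile(r"=[>\]]")
# Object names can contain spaces, so anchor on the trailing status text.
ROW = re.compile(r"^(?P<obj>.+?)\s+(?P<threat>\S+)\s+(?P<status>Delete Failed \(.*\))$")

class Finding(NamedTuple):
    container: str        # the file that actually exists on disk
    members: List[str]    # nesting levels inside that file
    threat: str
    status: str

def parse_row(line: str) -> Optional[Finding]:
    """Parse one 'Remaining issues' row; None if the row has another shape."""
    m = ROW.match(line.strip())
    if m is None:
        return None
    container, *members = LEVEL_SEP.split(m.group("obj"))
    return Finding(container, members, m.group("threat"), m.group("status"))

def explorer_option(container: str) -> str:
    """Folder Options change the replies above give for reaching the file."""
    path = container.lower()
    if "\\temporary internet files\\" in path:
        return "also uncheck 'Hide protected operating system files'"
    if "\\local settings\\" in path or "\\application data\\" in path:
        return "check 'Show hidden files and folders'"
    return "no change"

# Rows from the posts above (separator written as "=>" or "=]").
SAMPLE_ROWS = [
    r"C:\Documents and Settings\Ang\Local Settings\Temp\BIT58.tmp=>archstored:ac8zt2/edi.exe Trojan.Agent.BHO.N Delete Failed (file was in an archive)",
    r"C:\Documents and Settings\Ang\Local Settings\Temporary Internet Files\Content.IE5\TBJMH6I1\VideoAccessCodecInstall[1].exe=](NSIS o)=]lzma_solid_nsis0003 Trojan.Downloader.Zlob.ABBK Delete Failed (file was in an archive)",
    r"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13D47326.de1=>(Quarantine-2)=>[subject: Re:][Date: Mon, 09 May 2005 01:00:38 UTC]=>(MIME part)=>our_secret.zip=>Winzipped-Text_Data.txt .pif Win32.Sober.O@mm Delete Failed (file was in an archive)",
]

def cleanup_targets(rows):
    """Map each on-disk file to delete by hand to the Explorer option needed."""
    findings = filter(None, map(parse_row, rows))
    return {f.container: explorer_option(f.container) for f in findings}

if __name__ == "__main__":
    for path, option in cleanup_targets(SAMPLE_ROWS).items():
        print(f"{path}\n    Explorer: {option}")
```

Rows with a different shape, such as the "Suspect:" and "Disinfection failed" lines in the scan summary, are skipped rather than guessed at.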