Cannot delete infected files

  • Question

  • I was infected with a virus (Win32.Jeefo) and I found a tool to remove it.

    My problem is that this virus infected some files in the win\sys32\driverstore\filerepository and now I cannot delete them.

     

    But my biggest problem is how did the virus infect the files if I cannot delete them? And how can I login with the administrator account if I forgot/did not set a password for it?

     

    thank you

     

    EDIT: Windows Defender doesn't detect it and firewall and UAC are off. I have Vista Business x86.

    Monday, January 14, 2008 9:47 PM

Answers


  • Hi,

    I suggest we first try to remove the infected files under Safe Mode and then update your anti-virus program.

    Step 1: Boot the computer into Safe Mode to delete infected files

    Perform the following steps to go to Safe Mode.

    1. Reboot the computer.
    2. When the Starting Windows screen shows, press F8.
    3. Select Safe Mode and press Enter.
    4. Log on as Administrator or user account that has admin privilege.
    5. Does this issue occur in Safe Mode? Can you delete the virus infected files in Safe Mode?

    (NOTE: Safe Mode loads the minimum number of required basic device drivers and system services to start the system. Programs located in the Startup Program group are not started.  So this will be very helpful for us to narrow down the root cause.)

    Step 2: Update your anti-virus program

    Please update your anti-virus application's virus database and perform a full scan on the whole hard disk to ensure that the system is not infected.

    You may also use some of the online removal tools located at:

    http://security2.norton.com/us/intro.asp?venid=sym&langid=us 
    http://vil.nai.com/vil/stinger 
    http://www.trendmicro.com/download/tsc.asp

    You can also contact your antivirus vendor for assistance with identifying or removing virus or worm infections. If you need more help with virus-related issues, contact Microsoft Product Support Services.
     
    For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

    By the way, Windows Defender does not remove and fix virus problems. If you lost the built in administrator and there is no other account available, I am sorry to say you have to reinstall Windows Vista to reset the built in administrator password.
     
    I hope this helps.

    Sincerely,
    Robbin Meng
    Microsoft Online Community Support

     

    Wednesday, January 16, 2008 6:57 AM
  •  

    Hi,

    I'm sorry for answering so late, but after the first couple of days passed and I saw no answer I took the matter into my own hands and this is how I solved my problem:

    1. took ownership of the files

    2. added my user with full rights

    3. deleted the files

     

    All this was done with my account, not the administrator account (which is disabled).

     

    thank you for your interest,

    Lucian Coman

    Monday, January 28, 2008 9:51 AM
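
Added example, not part of Lucian Coman's post: one way to carry out the three steps above from an elevated PowerShell prompt with the built-in `takeown.exe` and `icacls.exe`, recording the original owner and ACL first so the change can be reviewed afterwards. The function name `Remove-LockedFile`, the backup location and the sample path in the usage comment are assumptions for illustration.

```powershell
# Added example (hypothetical helper, not from the thread).
# Run from an elevated prompt; use -WhatIf first to see what would be touched.
function Remove-LockedFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Assumed location for the ACL backup written by icacls /save.
        [string]$AclBackup = (Join-Path $env:TEMP 'acl-backup.txt')
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Not a file: $Path"
    }
    $account = "$env:USERDOMAIN\$env:USERNAME"

    # Record the current owner and save the ACL before changing anything.
    # icacls /save overwrites the backup file on each call.
    $ownerBefore = (Get-Acl -Path $Path).Owner
    & icacls.exe $Path /save $AclBackup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /save failed ($LASTEXITCODE)" }

    if ($PSCmdlet.ShouldProcess($Path, 'take ownership, grant full control, delete')) {
        # Step 1: take ownership of the file for the current user.
        & takeown.exe /F $Path | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "takeown failed ($LASTEXITCODE)" }

        # Step 2: grant the current user full control (F).
        & icacls.exe $Path /grant "${account}:F" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed ($LASTEXITCODE)" }

        # Step 3: delete the file.
        Remove-Item -LiteralPath $Path -Force
    }

    # Report what was changed so it can be logged.
    New-Object PSObject -Property @{
        Path        = $Path
        OwnerBefore = $ownerBefore
        GrantedTo   = $account
        AclBackup   = $AclBackup
        Deleted     = -not (Test-Path -LiteralPath $Path)
    }
}

# Usage (placeholder path, constructed for the example):
# Remove-LockedFile -Path 'C:\path\to\infected-file.ext' -WhatIf
```

The returned `OwnerBefore` value shows which account held the file, which is why an ordinary delete was refused until ownership and the ACL were changed.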

All replies


  • Hi,

     

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios.

     

    If the issue still persists and you want to return to this question, please reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

     

    In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

     

    Thanks!

     

    Sincerely,
    Robbin Meng
    Microsoft Online Community Support

    Tuesday, January 22, 2008 3:31 AM
  • Thanks for your response and sharing, Lucian 

    Have a nice day.

     

    Best Regards,

    Robbin Meng

    Tuesday, January 29, 2008 10:01 AM