xisto Community
AllfatherBlack

Quick Tricks For Defeating " Undeletable " Files May Save You Some Pain


We've all dealt with viruses. Some of us deal with viruses a lot. And others make their living spanking 'em like the naughty issues they are. With any amount of virus-slapping experience you've likely come across that mysteriously " undeletable " file that, for some unGodly reason, can't be removed from your precious eMachine. Please note that if you consider your eMachine precious then your standards are ludicrously low, but I digress. The reason you cannot delete the file ( assuming some kind of permission has not been modified to lock it down preventing deletion in the first place ) is because it is tied up in some active Windows process. For example, many viruses will load themselves up as part of explorer.exe, which is what provides you with that pretty little taskbar you have on the bottom/left/right/top of your screen. Since the virus is " in use " by explorer.exe, which loads at startup in both normal and safe-mode, you cannot remove it, pretty effectively locking the virus onto your computer semi-permanently. Our goal, of course, is to remove that permanent part.

The easiest and most reliable way to remove a file tied up in a system process is to boot into another non-Windows OS and modify the file on your drive from there. Bootable Linux CDs are nigh infallible and pretty much the best way to go about doing this. There are other alternatives available, such as Bart PE ( Google it ), and you would be surprised how often just loading the command prompt will allow you to remove a file ( recovery console for XP ). For those of you who haven't restarted since '97 and would like to keep the record going, another alternative is killing system processes that may be using aforementioned virii ( apparently that's not a real word but I like it nonetheless ). Task Manager allows you to kill most processes, but a few processes are considered essential for Windows to function properly and can't be shut down via Task Manager ( Csrss.exe, lsass.exe, etc. ).

A few apps, such as Killbox, will allow you to kill processes TM won't. Of course, when you do this, a little window will pop up and say " Hey buddy, I needed that. So now I'm gonna be like ' bweeeewww ' and shut off on your **bottom** ". Of course, it doesn't say that at all, but it's something fairly similar. You now have approximately a minute to sob quietly before your computer restarts, whether you like it or not. But we're going more for the not, so to stop the countdown, simply click on Run... ( which can be found in the start menu and in task manager ) and type " shutdown -a ". And there. Now the computer can be used again. Note that, obviously, you will lose any functionality related to whatever system process you kill. It's possible to kill all but one single system process and continue using the computer ( in some manner ). Csrss.exe, if terminated, will blue screen your **bottom**, so don't do it. It's not often required that you kill all possible processes, as viruses aren't often complicated enough to tie themselves into many processes. In order to determine what services may need to be shut down to hunt down a virus, simply use an application like Hijack This! or SysInternals Process Explorer to view the .dlls associated with system processes. Deleting illegitimate .dlls often "breaks" malware, just like it'll break normal software. Most .dlls without any identifier other than a filename are malware-related, but it's absolutely crucial that you research ALL of them before deleting them. If you don't know why, you shouldn't be monkeying around with this in the first place. Killing the appropriate process or .dll often allows you to delete the malware abusing it, but not always.

Occasionally, a file cannot be deleted in apps such as Bart PE or by killing any reasonable system process. This leaves the last option I will be covering; the registry.

Normally people put big caps here and say " DONT MESS WITH THE REGISTRY UNLESS YOU KNOW WHAT YOURE DOING OR HAVE MADE BACKUPS. YOU CAN BREAK THE *BLEEP* OUT OF YOUR SYSTEM OTHERWISE ". But I won't do that. Again... Actually, the registry can be a very scary place, but isn't as dangerous as most people make it out to be. You CAN break the *BLEEP* out of your system jerking around with it, sometimes irreparably ( excluding formatting, of course ), but assuming you make sure that any entry you delete will not be associated with anything you care about ( like malware ), you can fix a lotta virii ( viruses ) this way. Open Regedit by going to " Run... " and typing regedit or regedit32.

Find the filename of the item you're attempting to delete, which will often be a long string of absolute gibberish, then use the search function in Regedit ( make sure to highlight ' my computer ' on the left so you search the WHOLE registry and not just a part of it ) to find any key that mentions that file. ONLY delete the item the search function finds for you. ONLY hit delete once. When you delete an entry, the next entry is automatically selected, so beating on the delete key like a masturbating monkey will delete God only knows what and make your life Hell, which you deserve for touching your computer like that. Make sure to find every entry that mentions the filename of the file you want deleted. Once you've killed them all, try deleting the file you've grown to hate again.

This should provide a nice stepping stone for those of you who are no longer willing to leave your security to antivirus scanners alone. Feel free to chew me out if you *BLEEP* up your system using any of these tactics. I mean, I should pay for trying to enlighten you, right?

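An added example, not part of the original post: a read-only PowerShell script that lists which processes have the file loaded as a module (the reason it is " in use ") and which registry keys or values mention its name, so every hit can be researched before anything is removed. The file name and the registry roots are placeholder assumptions; run it elevated to see the modules of system processes.

```powershell
# Added example: read-only triage for a file that refuses to be deleted.
# 'example-suspect.dll' is a hypothetical placeholder for the file under investigation.
param(
    [string]$TargetName = 'example-suspect.dll',
    [string[]]$RegistryRoots = @('HKLM:\SOFTWARE', 'HKCU:\Software')   # assumed search scope
)

# Escape wildcard characters so a name containing [ or ] is matched literally.
$pattern = '*' + [System.Management.Automation.WildcardPattern]::Escape($TargetName) + '*'

function Find-ProcessesHoldingFile {
    foreach ($proc in Get-Process) {
        try {
            $hits = @($proc.Modules | Where-Object { $_.FileName -like $pattern })
        } catch {
            continue   # module list not readable (protected process or no elevation)
        }
        foreach ($m in $hits) {
            [pscustomobject]@{ ProcessId = $proc.Id; Process = $proc.ProcessName; Module = $m.FileName }
        }
    }
}

function Find-RegistryReferences {
    Get-ChildItem -Path $RegistryRoots -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        # A key whose own name contains the file name is reported even if it has no values.
        if ($key.PSChildName -like $pattern) {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
        }
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)   # multi-string data is joined for matching
            if ($valueName -like $pattern -or $data -like $pattern) {
                [pscustomobject]@{ Key = $key.Name; Value = $valueName; Data = $data }
            }
        }
    }
}

Write-Output "Processes with a module matching '$TargetName':"
Find-ProcessesHoldingFile | Format-Table -AutoSize
Write-Output "Registry keys/values mentioning '$TargetName' (nothing is modified):"
Find-RegistryReferences | Format-List
```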

Interesting tutorial. Nice injection of humour at certain spots in there. A couple of * bleeps * that might invoke a raised eyebrow from some, but what the heck, live dangerously, I say.

virii ( apparently that's not a real word but I like it nonetheless ).

Yes, it is a real word. It is the plural form of virus. A Latin root gives it the peculiar 'ii' plural form. 'Viruses' is not the correct plural form of the word. The Queen's English wouldn't allow 'viruses'.


Pretty good explanation in there. I do have some share of this problem, and though my process is different, allow me to share it here. If I have some file that cannot be deleted, the only thing that I do is create a text file from Notepad, then name that file the same as the one that I wanted to delete, including the extension name, and save that Notepad text file in the same directory as the undeletable file. Windows will now prompt you if you want to overwrite it; choose yes and there you now have a modified file that can actually be deleted. This has always worked for me. I hope this will help someone.


Hahah, leave it to me to blab on and on and on and on and on and not cover a very simple trick that honestly didn't even occur to me. See, this is why I like forums. When I miss something, someone else just picks up where I left off and makes sure that we get all our bases covered. Thanks for making this a better thread, boyos!


Yeah, this tutorial seems to basically cut it. I mean, I've had a lot of problems with unmovable files in the past, but nothing either deleting with safe mode, or unchecking read only, you covered everything that I had in mind as well as me learning some things.


OK, I had no luck with the simple method. I have 3 files that are viruses and can't delete... I have programs that are made to delete undeletable files but still it won't... so now I gotta try fatherblack's method, and find a Linux disk.

