Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Owner/Local Settings/Temp Folder - Unknown File


  • Please log in to reply
1 reply to this topic

#1 SirSimeon2003

SirSimeon2003

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 15 March 2010 - 06:30 PM

Was recently infected with virus and successfully removed it, thanks to information in this thread: http://www.bleepingcomputer.com/forums/t/302533/trojan-bnkwin32-keyloggergen/

Went straight to certain folders to ensure bad bad bad files deleted, and all were.

But

C:\Documents and Settings\Owner\Local Settings\Temp

Contains a hidden file called x406THs3wg8XQ

Never appeared before. It's not being used by any programme. Read-only. 12.5 KB in size.

When I try to delete it, standard message:

The file 'x406THs3wg8XQ' is a system file. If you remove it, your computer or one of your programs may no longer work correctly. Are you sure you want to move it to the Recycle Bin?

Googled "x406THs3wg8XQ": Your search - x406THs3wg8XQ - did not match any documents.

I've restarted PC several times already (that includes restarting and turn-off/restart) to make sure certain things are okay, everything is operating properly, no errors in Event Viewer, but that file is an issue.

Suggestions? Thanks in advance.

Edited by SirSimeon2003, 15 March 2010 - 06:31 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:07 PM

Posted 16 March 2010 - 07:35 AM

Some files are locked by the operating system or locked by running programs during use for protection, so scanners cannot access them. Files that are located in password-protected archives may also be locked or denied access. When the scanner finds such a file, it makes a note and then just skips to the next one. That explains why it shows as "skipped" or "Access Denied" in some anti-virus or anti-malware log scan reports. Similarly, when attempting to delete such a file manually, you may receive a message indicating it is in use or a warning that it is a protected.

For more information about this, please refer to How to Delete/Rename a Stubborn File. Several utilities are suggested for dealing with stubborn files to include Unlocker.

Please download Unlocker and save to your desktop.
  • Choose the default installation folder C:\Programs Files\Unlocker, click "Next" then click "Install" and reboot when finished.
  • Navigate to the file or folder you want to delete.
  • Right-click on it and select "Unlocker" from the menu.
  • If the folder or file is locked, a window listing of lockers will open.
  • Click to highlight the file path and choose "Unlock all". (make sure "no action" is chosen in the program)
  • After you unlock it, right-click on the file and choose delete.
Note: When you are unsure about a suspicious or unknown file, you can rename it by adding .vir after the file's extension (i.e. badfile.dll.vir). If you receive an alert from Windows about renaming, just ignore it. I prefer renaming instead of deleting as deletion leaves you with no option to restore if the file is later found to be legitimate. Taking no action exposes you to risk if the file is not legitimate.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users