AVG Virus Vault has a Trojan Horse named Cryptic.GQ in it. The path is C:\Documents and Settings\username\local settings\temp\wxSI.exe. I have some folders that I can't delete in this path:
C:\Documents and Settings\username\local settings\temp\IswTmp\Shared\SxS\. There are two folders underneath SxS that have really long names like 6adf1ed and aac18a; I can't delete these either.
Their attributes are set to read only. I've booted up in safe mode to a command prompt, logged in as the admin, navigated to C:\Documents and Settings\username\local settings\temp\IswTmp\, ran attrib -R -S -H /S /D Shared. Access is still denied.
I've updated AVG and run a couple of full scans; they come back clean. But when I run the scan directly against the folders, the scan doesn't complete; it just keeps running. Installed Spyware Doctor; it finds something but won't clean it until you buy. Installed SpyBot, ran it until it came back clean. Installed ComboFix and ran it; the log file has a paragraph about scanning hidden processes, hidden autostart entries, hidden files, and says the scan completed successfully and hidden files: 0.
I suspect that those folders contain some type of malware because I can't seem to change the attributes or delete them. I'm asking for suggestions on how to go about cleaning this up. Let me know if you need additional info.
Thanks in advance...
Edited by Budapest, 28 April 2010 - 11:07 PM.
Moved from XP ~BP