Cannot Delete Virus Files In System Folders


  1. DallasSteve
    Posts : 2
    Windows 7 64-bit
       New #1

    Cannot Delete Virus Files In System Folders


    My Windows 7 64-bit computer has become infected with the ConHost virus. There are dozens of copies of the executable in the Windows/winsxs folder. I start up in Safe Mode, launch Windows Explorer, Run As Administrator, navigate to the files and, you guessed it, Microsoft is too busy protecting my viruses to let me delete them. Sometimes it says I need Trusted Installer permission, sometimes System permission. If the person at Microsoft who came up with that idea was here with me it wouldn't be pretty. Can someone tell me how I can take control of the computer that I paid for? And maybe someone should tell Mr. Microsoft that this is making me want to find a computer running a different OS (not affiliated with Microsoft).
      My Computer
    Quote Quote

  3. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #2

    ConHost virus is a Trojan disguised to look like it's a MS protector file ... it of course is not from MS.

    In the registry it will look something like this:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Conhost.exe " = "%AppData%\<random>.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Conhost.exe " = "%AppData%\<random>.exe"

    %AppData%\<random>.exe
    %CommonAppData%\<random>.exe
    C:\Windows\Temp\<random>.exe
    %temp%\<random>.exe

    C:\Program Files\<random>

    Let's see if we can detect it running in the background. Download DDS from one of these links:
    DDS.com
    DDS.pif
    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt <--- will be minimized in the task tray
    • Save both reports to your desktop.

    Include the contents of both logs in your next post.
      My Computer
    Quote Quote

  4. DallasSteve
    Posts : 2
    Windows 7 64-bit
    Thread Starter
       New #3

    Jacee

    I appreciate the suggestion, but I've never heard of DDS and I am cautious about downloading files I don't know about. Can you tell me the complete name of this program or provide a link to it's creator's website? My other option is I can re-install my OS and restore my work files. Fortunately I've saved them all off the computer.

    Thanks

    Steve
      My Computer
    Quote Quote

  6. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #4

    DDS by sUBs, "doesn't do squat". It just shows me what's running. :)
      My Computer
    Quote Quote

 

  Related Discussions
see this image... some of the infected files with virus showed as moved to qurantine in Norton Endpoint v11 protection... some of them get deleted by itself... I scan the files that contained in the network with Norton it showed like this... Here what is log only means?... Whether the...
I have a computer on the LAN with a bunch of HDDs in it. My main computer has the computer mapped as a network drive. I put my video projects on mapped network drives. Can a virus find the network drive through my computer and delete all of the files or ransomware encrypt it?
Before I go on, I would like to note that: - I'm currently using Windows 7 Ultimate 64 bit - I have 2 HDD (D and E drive) and 1 SSD (C drive) - I have posted screenshots as it might clarify what I'm trying to say Anyway, I'm having trouble with deleting program files (both 86 and 64) and...
Hello. Newbie Here. I have Win 7. I just purchased this Dell Laptop with preloaded software and apparently free viruses. I've used the following to disinfect the laptop. Malwarebytes, Sophos, TDSSKiller, Spybot S&D, ComboFix and running Avast Antivirus. I think this computer is virus free,...
I want to delete all the files/folders with a certain name like the __MACOSX folders that comes with many icon packs. Is there a tool or script that can do that? I think there should a command-line instruction to do this but i couldn´t find it.
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 01:38.
Find Us