Try taking ownership of the folder and see if that helps...
Take Ownership Shortcut
No, did not work. Can delete $Recycle but System Volume Information brings it back. Can't delete System Volume Information.
Hi Dinesh
Hitman Pro could not be run as it could not gain an internet connection. Don't know why, as I am on the internet at the same time and the internet connection is good. Have noticed other malware and anti-virus programs cannot access the internet for updates. Could this be related to the problem with System Volume Information and $Recycle.bin?
Log in in Safe Mode.
Take ownership of the folder.
Grant full control to your current account.
And try to delete.
It may take a few tries. You may have to take ownership of several folders and grant Full control access.
Or, even better, try the same method with the Built-in Admin (Built-in Administrator Account - Enable or Disable).
Any chance that reinstall is the choice? (Believe me, it will be a lot less trouble.)
And have you done this?
In my opinion you have more than just this infection.
Maybe you will post a Hijack log?
I have now tried renaming the folders and deleting them. I can rename them and when I do they disappear.
So it appears successful, however when you reopen the drive the folders reappear again with their original names.
There is obviously a hidden file or something that is controlling them and reinstalling the folders and files.
When I delete the $recycle.bin folder it mentions that desktop.ini files contained in the folder will be deleted as well. These are reinstated when the folder is reinstalled.
When I search programs and files I find one desktop.ini file with the following text:
[LocalisedFileNames]
pinned .lnk=@c:\windows\system32\shell32.dll, -4161
Other copies of desktop.ini are hidden in folders and do not appear when I search.
hijackthis.log
AdAware Log 02-02-2010.txt
Those update sites for the security apps could be blocked by "Hosts" file entries.
Scroll down to "How do I reset the hosts file back to the default?"
Updating the HOSTS file in Windows 7 - Windows Forums
Also check Internet Options - Connections - LAN settings - untick "Use a proxy server" and tick "Automatically detect settings".
Ya gonna have to get a scan done with an updated Malwarebytes and Hitman Pro as it will be too tedious trying to clean it up manually, especially if it's an autorun worm.
You have a hidden "auto run.ini" at start up.
See what you have:
sal.xls.exe | ThreatExpert statistics
Troj/VB-CYJ Trojan (Win32/VB.EL worm, Worm.Win32.VB.el, W32/Backdoor.VXI) - Sophos security analysis
Quick Heal-Important virus Information-Worm.VB.el
Are you using a USB drive that could be infected?
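The hosts-file check suggested above, as an added example that is not part of the original posts: it lists every active hosts entry and says whether it blocks a name (loopback or 0.0.0.0) or redirects it elsewhere. The sample file contents and the `.example` hostnames are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import sys

# Constructed sample (not from the thread). A stock Windows 7 hosts file
# contains only comment lines; the active entries below are invented.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1       localhost
127.0.0.1       updates.av-vendor.example   # blocks updates
0.0.0.0         www.scanner.example download.scanner.example
203.0.113.7     definitions.av-vendor.example
not-an-ip       broken.example
"""

HARMLESS = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every active (uncommented) entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]


def classify(address):
    """Name what an entry does to lookups for its hostnames."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    # Loopback or 0.0.0.0 makes the name unreachable; anything else redirects it.
    return "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"


def suspicious_entries(text):
    """Return (line_no, kind, address, hostname) for entries worth reviewing."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        kind = classify(address)
        for name in names:
            if not (kind == "blocked" and name in HARMLESS):
                findings.append((line_no, kind, address, name))
    return findings


if __name__ == "__main__":
    # Pass a path (e.g. a copy of C:\Windows\System32\drivers\etc\hosts) or use the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for finding in suspicious_entries(text):
        print("line %d: %s %s -> %s" % finding)
```

Any reported line that names a security vendor's update or download host is a candidate for removal when resetting the file to its default.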
Thanks Jacee
I have the sal.xls.exe. I read the information about it and it is also called recycler virus.
I can see the System Volume Information folder and a $recycle.bin folder but not the Recycler folder.
I would like to know how to see all hidden files in Windows 7 so these appear with the file inside them.
I found the ctfmon.exe file but can't delete it as "I need permission from TrustedInstaller". This is a new user that has been created and I can't delete the files.
Any idea on how to delete them?
Because "Virut" was shown by Sophos, this is a nasty Trojan ------
You're not only dealing with Virut but you are also dealing with a lot of other malware as well.
What I suggest in your case is to format and reinstall Windows. This is because Virut is a file infector which infects every .exe present on your system. The problem with Virut is that it is a buggy file infector, and that's why scanners cannot disinfect the files properly either > result > files are corrupted, won't work anymore.
And as I already explained, Virut infects every .exe.
This means that you may not delete these files, but they should be disinfected. And since it's a buggy virus, the files cannot be properly disinfected.
This unfortunately means that this is a game over situation and there's nothing much you can do besides formatting and reinstalling Windows.
Don't back up your files either, because when you back up exe files, they are also infected. You can, however, back up pictures and documents.
Look at the instructions on this page HM2K.com Win32 Virtob/Virut removal
It's up to you how you decide to work with this infection.