Cannot Delete Virus Files In System Folders

DallasSteve

My Windows 7 64-bit computer has become infected with the ConHost virus. There are dozens of copies of the executable in the Windows/winsxs folder. I start up in Safe Mode, launch Windows Explorer, Run As Administrator, navigate to the files and, you guessed it, Microsoft is too busy protecting my viruses to let me delete them. Sometimes it says I need Trusted Installer permission, sometimes System permission. If the person at Microsoft who came up with that idea was here with me it wouldn't be pretty. Can someone tell me how I can take control of the computer that I paid for? And maybe someone should tell Mr. Microsoft that this is making me want to find a computer running a different OS (not affiliated with Microsoft).
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 64-bit
ConHost virus is a Trojan disguised to look like it's a MS protector file ... it of course is not from MS.

In the registry it will look something like this:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Conhost.exe " = "%AppData%\<random>.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Conhost.exe " = "%AppData%\<random>.exe"

%AppData%\<random>.exe
%CommonAppData%\<random>.exe
C:\Windows\Temp\<random>.exe
%temp%\<random>.exe

C:\Program Files\<random>

Let's see if we can detect it running in the background. Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
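
A read-only check for the Run-key pattern listed in the post above, as an added example that is not part of the original thread and is not DDS. The function name Test-RunEntry is hypothetical, and %CommonAppData% is assumed to correspond to the ProgramData folder. It only reports entries; it does not modify or delete anything.

```powershell
# Added example: flag Run-key autostart entries that match the pattern in the post.
# Written to work on the PowerShell 2.0 that ships with Windows 7.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# User-writable locations named in the post (assumption: %CommonAppData% = ProgramData)
$SuspectDirs = @($env:APPDATA, $env:ProgramData, $env:TEMP, "$env:SystemRoot\Temp") |
    Where-Object { $_ }

function Test-RunEntry {
    param([string]$Name, [string]$Data)
    $reasons = @()
    # The post shows the value name "Conhost.exe " with a trailing space
    if ($Name -ne $Name.Trim()) { $reasons += 'value name has leading/trailing whitespace' }
    $target = [Environment]::ExpandEnvironmentVariables($Data).Trim('"')
    # The genuine conhost.exe lives in System32 and is not started from a Run key
    if ($Name.Trim() -ieq 'conhost.exe' -and
        $target -notlike "$env:SystemRoot\System32\conhost.exe*") {
        $reasons += 'named conhost.exe but target is not System32\conhost.exe'
    }
    foreach ($dir in $SuspectDirs) {
        if ($target.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "target is under $dir"
        }
    }
    return $reasons
}

foreach ($path in $RunKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        # Read the raw data so %AppData%-style references are reported as stored
        $opt  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
        $data = [string]$key.GetValue($name, $null, $opt)
        $why  = @(Test-RunEntry -Name $name -Data $data)
        if ($why.Count -gt 0) {
            New-Object PSObject -Property @{
                Key = $path; Name = "[$name]"; Data = $data; Why = ($why -join '; ')
            } | Select-Object Key, Name, Data, Why
        }
    }
}
```

The value name is printed inside brackets so that a trailing space is visible. Legitimate software installed under AppData can also appear in the output, so each hit still has to be reviewed by hand.
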
Jacee

I appreciate the suggestion, but I've never heard of DDS and I am cautious about downloading files I don't know about. Can you tell me the complete name of this program or provide a link to its creator's website? My other option is I can re-install my OS and restore my work files. Fortunately I've saved them all off the computer.

Thanks

Steve
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 64-bit
DDS by sUBs, "doesn't do squat". It just shows me what's running. :)
 
