Solved Can't delete file and folder, even with cmd

Power Tool - it shows extensions and any hidden or super hidden files so the mystery file appears not to have an extension! I see some strange characters after the detected file name but they make no sense to me.

Thanks, now I know that Power tool shows the extension in the Filename column.

The funky characters are just ASCII characters above 127
For example:
€Š‘’¡¢£¤¥¦§¨©ª«¬*®¯°±²³´µ¶·¸¹º»¼½¾¿À
0128, 0138, 0145, 0146, 0161, 0162, 0163, 0164, 0165, 0166, 0167, 0168, 0169, 0170, 0171, 0172, 0173, 0174, 0175, 0176, 0177, 0178, 0179, 0180, 0181, 0182, 0183, 0184, 0185, 0186, 0187, 0188, 0189, 0190, 0191, 0192

You can type the characters by using the alt key and the numeric representation (using the numeric keypad) of the character: Alt0128 = €
Note: You might have to toggle the numlock key

It's usually never a good sign that a file gets created with non-standard characters.

I've offered a few ways to get rid of the file, but a more complete solution is to determine why the file was created and how. That's a pretty tall order given that we don't know what's on the F: drive or what it is used for (data, dual boot, programs ???). So the best thing to do is check the system for malware and if the utilities don't clean up the file, then use brute force and hope that nothing is lurking.

So far, Mbam and AdwCleaner came back clean - we'll see if TFC or JRT help, then try ESET online scanner (Panda and herdProtect are also good tools to use). Farbar FRST is also very good, but I don't have the experience to build the cleanup script ... so I use it to scan only and then ask for help if anything is detected.

It's up to Nick to decide how he wants to proceed. We can only guide a member based on our experience and the feedback we receive. You're doing great Nick, we'll be here when you're back at the machine.

Bill

My Computer My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
HP Pavilion dv6-6c10us
OS
x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
CPU
AMD A6-3420M APU with Radeon(tm) HD Graphics
Motherboard
Hewlett-Packard 1805
Memory
6.00 GB
Graphics Card(s)
AMD Radeon(TM) HD 6520G
Sound Card
(1) AMD High Definition Audio Device (2) IDT High Definiti
Monitor(s) Displays
HP W2072a 20" LCD (1600 x 900) @ 60 Hz
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
ST640LM0 00 HM641JI SATA Disk Device
Keyboard
Logitech k520 wireless KB
Mouse
Logitech m320 wireless mouse (bundled with KB)
Internet Speed
15/5 | 54 MB Wireless 'n'
Antivirus
Realtime: Defender or Avast | On-demand: Malwarebytes, ESET
Browser
IE 11 on Win8, IE 10 on win 7
Other Info
Media: [Gimp, Audacity, VLC] || Comm: [WEmail 2012, Skype] || Productivity: [OpenOffice,| Textpad] || Utils: [Sysinternals, cCleaner, Speccy, Defraggler]
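
An added example (not part of the original thread): a Python sketch that walks a folder, flags names containing characters outside printable ASCII, and reports each character's code point and, where one exists, the Alt+0nnn keypad code of the kind listed in the post above. It assumes the keypad codes follow the Windows-1252 code page; the function names and the sample `hehe` tree are constructed for illustration.

```python
import os
import tempfile
import unicodedata

def alt_code(ch):
    """Return the Alt+0nnn keypad code for ch, assuming Windows-1252."""
    try:
        return "Alt+%04d" % ch.encode("cp1252")[0]
    except UnicodeEncodeError:
        return None  # character has no Windows-1252 byte, so no keypad code

def describe(name):
    """List (char, code point, Unicode name, Alt code) for each odd char."""
    odd = []
    for ch in name:
        # Anything below space or above '~' is outside printable ASCII.
        if ord(ch) < 32 or ord(ch) > 126:
            odd.append((ch, "U+%04X" % ord(ch),
                        unicodedata.name(ch, "UNNAMED"), alt_code(ch)))
    return odd

def scan(root):
    """Walk root and return {path: findings} for names with odd chars."""
    hits = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            found = describe(name)
            if found:
                hits[os.path.join(dirpath, name)] = found
    return hits

if __name__ == "__main__":
    # Constructed sample tree; point scan() at a real drive root instead.
    with tempfile.TemporaryDirectory() as tmp:
        os.mkdir(os.path.join(tmp, "hehe"))
        open(os.path.join(tmp, "hehe", "notes.txt"), "w").close()
        open(os.path.join(tmp, "hehe", "file\u20ac\u00a4"), "w").close()
        for path, found in scan(tmp).items():
            print(repr(path))  # repr() keeps odd characters unambiguous
            for ch, cp, uname, alt in found:
                print("   ", cp, uname, alt)
```

Printing the path with `repr()` matters here: two names that look identical in a directory listing can differ by a character that the console font cannot render.
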
Please follow the advice of one member in the order that advice was given, including any follow-up analysis or suggestion.

Callender suggested technibble - follow that path before anything offered here.

An orderly approach to troubleshooting is the only way to maintain sanity ;)


From the picture in post# 9, the file has no extension. It has the system attribute set and it has been around for quite a while (modify 2013-01-07)

Nick, please post the attributes of the file
command prompt
f:
cd \
attrib hehe\*.*
exit

There are a few ways to get around Windows - both require booting to another device.
Windows Repair Disc
--OR--
Linux flash drive.
1. Download the Rufus bootable USB drive creation utility
Rufus home page
Rufus FAQ
2. Download the Linux Mint Mate ISO
Select a download mirror from the pages below that is nearest your location to lessen download time
Linux Mint Mate 32 bit (32 or 64 bit machines)
Linux Mint Mate 64 bit (only 64 bit machines)
Linux Mint Mate documentation [PDF]
3. Create a bootable USB thumb drive using Rufus and the Linux Mint Mate ISO
Mint Mate is 1.3 GB, so you need a thumb drive with at least 2 GB.
Warning: Creating a bootable thumb drive erases all data on the thumb drive.
Warning: If you have data on the thumb drive that you need, move it to your Hard Drive or burn it to an Optical Disc.
  • Connect the USB thumb drive to a USB port
  • Launch Rufus

  • The fields in Rufus are filled in with defaults. The defaults work well, but a few things need to be verified or changed.
    1. Verify that Rufus selected the thumb drive you want to write. Change the Device if the wrong USB thumb drive is presented in that field.
    2. Change Create a bootable disk using from the default to ISO image
    3. Select Linux Mint Mate ISO as the source. The file should appear on the status bar
    4. Untick Create extended label and icon files
    5. Compare your Rufus window with the image above. If everything other than the Device field is the same, then continue to the next step. Note that the ISO name in the status bar is subject to change as new versions are released
    6. Press the Start button
  • The status bar notifies you when the process is Done
  • Press the Close button

Leave the Linux Mint Mate thumb drive connected for the next steps
4. Boot to Linux Mint Mate
Save any files you are working on, then Restart your machine
Check your machine documentation to determine the key that brings up the Boot Order startup menu. This example is from an HP laptop that assigns it to the F9 key.
When the machine begins to start again (black screen) tap the F9 key to bring up the Boot Order startup menu. There is only a short time to "catch" the Boot Order menu. If Windows starts, you will have to try again.

Whichever boot you decide on, there is probably still a permissions issue - you'll need to change the attributes / permissions before you try to delete the file.


Even if you get the file removed, you still need to determine where it came from ... is it malicious? I believe it is, but Malwarebytes and AdwCleaner came back clean.

I would try the following before resorting to the boot option above, but it's your choice.

There are a few other utilities you might want to try
   Warning
Before running any repair utility:
  • Save any open files
  • Close ALL applications
  • Disconnect from the Internet unless the application requires a connection
  • If the application prompts you to restart your system - restart your system.
Old Timer-Temp File Cleaner (TFC)
Restart your machine in case there are any system operations pending

Old Timer-Temp file Cleaner (TFC)

   Note
This utility
  • is a standalone application, there is no install.
  • does not require a connection, please disconnect after the download has completed.

1. Click on the Save button on the Do you want to run or save ... action bar to save the package in your Downloads folder.

For example: C:\Users\Dad\Downloads

2. Click the Open folder button when the ... download has completed action bar is presented
Right click TFC (it should be highlighted) and select run as administrator
--> Answer Yes to the UAC dialog window

Warning: Save your work and close all open windows.
TFC will close ALL open programs including your browser!

3. Click the Start button to begin cleaning up temporary files and folders.
Warning: Do not work on other things while TFC is running - most applications use some sort of temporary files. Just let TFC run by itself on the machine until it completes.

If TFC prompts you to reboot, do so immediately.
If TFC does NOT prompt you, then reboot your machine immediately after TFC has completed.

RESTART your machine after running TFC

Junkware Removal Tool (JRT)
   Information
Author's page: Malware Analysis and Removal: Junkware Removal Tool (JRT) Released - Freeware

About
Many of the infections we see on the forums and in the work environment nowadays involve a user that has an unwanted program, toolbar, or browser helper object (BHO) on their computer.

Some examples include (but not limited to):
Ask Toolbar, Babylon, Browser Manager, Claro / iSearch, Conduit, Coupon Printer for Windows, Crossrider, Facemoods / Funmoods, iLivid , IncrediBar , MyWebSearch, Searchqu, Web Assistant

The tool is designed to remove all traces of these types of programs which includes services, registry values, registry keys, files, and folders. The tool will also restore some default settings for Internet Explorer and Mozilla FireFox. Google Chrome is not supported (perhaps in future).

The tool is non-interactive so the user can simply open it by double-clicking and wait for the log report (JRT.txt) to open when the tool is finished.

A copy of the log is saved to the user's desktop in case you want the user to attach the log.


   Note
This utility
  • is a standalone application, there is no install.
  • does not require a connection, please disconnect after the download has completed.

Junkware Removal Tool (JRT)

1. Click on the Save button on the Do you want to run or save ... action bar to save the package in your Downloads folder.

For example: C:\Users\Dad\Downloads

2. Click the Run button when the ... download has completed action bar is presented
--> Answer Yes to the UAC dialog window

3. JRT opens a Command Prompt window which displays some operational information. Read the screen and press any key when you're ready to continue.

4. The scanner initializes and runs. When JRT finishes, it reports the status of the scan in the Command Window and presents the log in your default text editor.
-> Save the log as JRT_SFProfileName.txt
For example: JRT_Slartybart.txt

RESTART your machine after running JRT

5. Attach the log file to a new post on your thread.


Hi, I'm back. Never thought of using a Linux USB boot; I have a bootable Ubuntu USB.
Now the file is gone.
 

My Computer My Computer

Computer type
PC/Desktop
OS
Window 7 Home 64 bit
Yeah, that system file, not sure if it's malware, a virus... or adware? Scanned with Mbam and AdwCleaner. Both came out clean. Well, lucky for the bootable USB; even though I'm not sure what that is, as long as I have deleted that suspicious-looking file, I hope everything is OK now. All I need to do now is run a full scan on my computer. At the moment I'm using Mbam and McAfee (free).

Again, thanks a lot guys for the help. As for Slartybart, sorry I didn't get to try TFC / JRT; I saw those after I ran Ubuntu. Haha.
 

Glad you were able to remove the file using an alternate boot.

It would be a good idea to run TFC & JRT (see post# 16), followed by a scan with ESET online scanner.
ESET Online scanner

This scanner requires Internet Explorer.
The scanner runs in a pop-up window - if you close the window, you close the scanner.
  1. Read the help, then press the Run ESET Online Scanner button

    Free Virus Scan | Online Virus Scanner from ESET :: Help

  2. Select the options shown below and press the start button
    To manually determine the disposition of detected objects, de-select Remove found threats.
     
    When the scan finishes, review any detected malware to determine if they are known to you or are unknown. If they are unknown, they are most likely malware and can be deleted.

    If you're not sure, do not close the scanner window. Attach the ESET log and a member will assist you.

    ESET Online Scanner FAQs
    ESET Online Scanner FAQs said:
    How can I view the log file from ESET Online Scanner?

    The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis.

    The path to the log file is:
    • 32-bit systems: C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • 64-bit systems: C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt
    It is recommended that you use the options below to automatically remove threats.
