Can't delete program data DFTExm eUOBgXyl.exe

[Weston]

My laptop appears to be infected with malware. Firefox was crashed and replaced by an unknown browser that turns itself on periodically. I can't connect to the Internet.

Microsoft Security Essentials identified the potential threat as
C:\programdata\DFTExm eUOBgXyl.exe. I can't delete that folder or the files inside. It first says I need administrator rights (which I have) and then it says it can't delete because the file is open.

There is a persistent backup reminder window that says mypcbackup.com. I don't know the source. Can anyone offer a suggestion? In all my years on computers, I've never been infected before. I had only MSE on my laptop.

 

[Weston]

I've reworded my problem, in hopes of a response. First time experience with this, don't know what I'm dealing with, hoping to avoid a high cost repair.

 

[D3LL]

Method 1: Diagnose and fix program installing and uninstalling problems automatically
You may run the fixit mentioned in the article: Fix problems that programs cannot be installed or uninstalled

Method 2: Virus scan
You can download Microsoft Safety scanner, which provides on-demand scanning, and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
Refer to the link provided below to download Microsoft Safety scanner on the system.
Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner
Note:
The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
Disclaimer:
Any data files that are infected may be cleaned by deleting the file entirely, which means there is a potential for data loss.

 

[Weston]

I'll check the two links, but I have a feeling they require an Internet connection, which I don't have on the infected laptop.

I copied all of my document files, including my website files, onto flash drives and have loaded some, but not all, onto my desktop. Then I deleted them all from the laptop. I don't know of any way to find out if any of those files are infected--most are WordPerfect files, but many are graphics.

I was watching a Dreamweaver book video when the problem began with a notice about my needing to update my video ...?

 

[Weston]

Using Kaspersky on a flash drive I eventually deleted the suspicious files but I now have rinoreader and the problems persist. I don't know which started first.

 

[D3LL]

Using Kaspersky on a flash drive I eventually deleted the suspicious files but I now have rinoreader and the problems persist. I don't know which started first.

Well done for resolving yourself and posting the answer. Please can you mark the thread as resolved.

 

[Jacee]

Please (if you can) download (free version) Malwarebytes' Anti-Malware to your desktop
Malwarebytes | Free Anti-Malware Detection & Removal Software
* Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

 

[Weston]

it's my laptop that's infected and I can't download anything. I downloaded Malwarebyte on a flash drive, but I can't get it to start. It's about the Win 32 AO. and DNS API.dll missing error. There's a removal guide on the Internet but it involves making changes to the registry, and I don't want to take that chance,

You can Google for that guide page and read it if you want.

Meanwhile, Kaspersky on the flash drive now says the laptop is okay, which it isn't.

 

[D3LL]

it's my laptop that's infected and I can't download anything. I downloaded Malwarebyte on a flash drive, but I can't get it to start. It's about the Win 32 AO. and DNS API.dll missing error. There's a removal guide on the Internet but it involves making changes to the registry, and I don't want to take that chance,

You can Google for that guide page and read it if you want.

Meanwhile, Kaspersky on the flash drive now says the laptop is okay, which it isn't.

Why don't you just create a backup of the registry before you make any changes. It sounds like the Anti-Virus has tried to remove some of the files however it doing some of the operating files.

 

[Weston]

I have manually removed programs from the control panel, and I've removed folders and files from the directories. So I agree that the beast has been injured, just not fatally, or just not its hidden parts.

 

[Jacee]

Sounds like you may be infected with---> Trojan:Win32/Patched.AO

Read about this Trojan here: How to Remove Trojan:Win32/Patched.AO (Uninstall Guide)

 

[Weston]

You were right. Working with an Expert in the Malwarebytes Malware Removal Forum, I was able to remove the "DNSAPI is missing" error, using, as directed, various external processes.

I had copied some folders and files to flash drives and deleted them on the infected laptop. Everything is now back to normal, except for my Eudora program.

Yesterday I tried to get the copied Eudora folders and files back onto the laptop. I'm almost 100% certain that the Users/Appdata/Roaming/Qualcomm/Eudora folders were normal on my laptop (Windows 7).

But this morning, wanting to try again to get Eudora working, I discovered that Users/Appdata (and /Roaming) were missing. I found them in Users/.android, a folder I don't think was there yesterday (after the removal and cleanup had been done).

Can I move Appdata/Roaming back to Users/ and delete ".android"? Is ".android" a normal Users folder that I didn't notice before?