This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot remove quarantined file

Hi,

I have run the anit-virus scan and I have one file in quarantine. It is a Troj/Rootkit-ES virus and the file is c:\windows\system32\a0b5fd8a66e07f06c6fcc52e7d6bf4e1.sys.

The file is hidden and there is an instruction that manual cleanup is required. However I cannot find this file anywhere. I have allowed system and hidden files to be shown and I cannot find this file in c:\windows\system32.

I would like to remove this file completely. Any ideas on how I find it?

Thanks

Ian

:596


This thread was automatically locked due to age.
  • Hi,

    I would try the following in order:

    1. Use CMD just incase anything is still hooking some windows calls.

    CMD.exe

    C:

    del c:\windows\system32\a0b5fd8a66e07f06c6fcc52e7d6bf4e1.sys

    If that works I would consider rebooting and then running another scan.

    If that fails:

    2. Try "Safe Mode" at startup: "F8".

    3. Use a bootable Linux distro with NTFS support tp boot from and delete the file from that. 

    I hope it helps.

    Thanks.

    :597
  • Thanks for the reply.

    The file does not exist in c:\windows\system32. This is really the problem!

    Even if I allow hidden and system files to be shown it is still not there. There is not even a filename close to this one.

    Ian

    :599