[dba-Tech] Getting rid of some folders

Jim Lawrence accessd at shaw.ca
Tue Feb 28 12:22:14 CST 2012


It looks like you may have had a Trojan on your system at one point but it
was removed, at least most of it.

Somewhere in your system an application is set to run automatically. It can
be in your startup folder, in the paths, in your ini files, your boot files
and in your registry. 

It will take a bit of detective work but you can start with the app
"msconfig" for listing the most common start up locations. Some techs
suggest to turn off all your startup applications and then slowly introduce
them back one at a time. 

After that you have to follow each application from its start to finish. One
of the most common and simplest methods to hide an application is to name
it like a real existing app and just dump it in the path (check your
paths... you can Google each file and get its legitimacy, default size
and location). You will have to check not only the applications but their
locations as well. Then there is the 'AT' command that is the core to your
scheduler and it is easy to add a simple app to run at certain times. Off
the top I would expect that one of your legitimate applications was
compromised along the way and now when it is run it always sets the registry
to run-once some small app made up of no more than a couple of lines of
script.

Have you tried to run MS Essentials, as it may find an innocuous batch or
command file that is not even deemed as dangerous by other malware
detectors?

HTH
Jim   
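
The locations named in the reply above (registry Run/RunOnce, the startup folders, the scheduler, and look-alike files on the path) can be inventoried in one pass. This is an added example, not part of the original post; it assumes Windows PowerShell 2.0 or later and English-language schtasks output, and it only reads.

```powershell
# Added example: read-only inventory of the autostart locations named above.
# Written for Windows PowerShell 2.0 or later (Vista onward); changes nothing.

# 1. Registry Run / RunOnce values, machine-wide and for the current user.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$registry = @(foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Source = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
})

# 2. Startup folders: the current user's and the all-users one.
$startupDirs = [Environment]::GetFolderPath('Startup'),
               (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
$startup = @(foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem $dir -Force | ForEach-Object {
            New-Object PSObject -Property @{
                Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
})

# 3. Scheduled tasks. Assumption: English column names in schtasks output.
$tasks = @(schtasks.exe /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Source = 'Task Scheduler'; Name = $_.TaskName; Command = $_.'Task To Run' }
    })

$registry + $startup + $tasks | Format-Table Source, Name, Command -AutoSize -Wrap

# 4. Executable names present in more than one PATH directory. Many of these
#    are legitimate duplicates; each one is a name to compare against its
#    expected location and size.
$exts = '.exe', '.com', '.bat', '.cmd'
$env:Path -split ';' | Where-Object { $_ -and (Test-Path $_) } | Sort-Object -Unique |
    ForEach-Object { Get-ChildItem $_ -ErrorAction SilentlyContinue } |
    Where-Object { -not $_.PSIsContainer -and $exts -contains $_.Extension.ToLower() } |
    Group-Object Name | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Group | Select-Object Name, DirectoryName, Length, LastWriteTime }
```

Saving the output before and after the file reappears and comparing the two runs narrows down which entry is responsible.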

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Kathryn Bassett
Sent: Monday, February 27, 2012 8:50 PM
To: 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Getting rid of some folders

Back in December, I posted the problem below. The problem still hasn't been
resolved. I have a similar problem with a specific spreadsheet. Maybe if we
can solve that one, I can try the solution with the folders.

I had a spreadsheet that I no longer use. I have been trying to get rid of
it, and its accompanying desktop shortcut for months. I've found a few
things on the web, but mostly they have to do with virus or malware issues,
neither of which are the case for me (I use Malwarebytes and Avast). I have
even gone into safe mode to delete them (including emptying the recycle bin)
and within a day, they are back. I've deleted other spreadsheets without
this happening, so I can't figure out why this particular one is a problem.
I didn't even have much of anything in it, just a few days of keeping track
of time for a client. It's an Excel, in case that makes a difference (most
of my spreadsheets are QuattroPro).

On the Tech Support Guy Mailing List, someone recommended
http://eraser.heidi.ie/ but that didn't work either. The file stayed gone
for about 2 reboots, but it was back again this morning. I've just tried
renaming it, without deleting it, to test if it comes back with the old
name.

Any more ideas?

Kathryn


> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-
> bounces at databaseadvisors.com] On Behalf Of Kathryn Bassett
> Sent: Monday, December 19, 2011 5:20 PM
> To: 'Discussion of Hardware and Software issues'
> Subject: [dba-Tech] Getting rid of some folders
> 
> I am pulling my hair out over this. I have folders such as this:
> C:\Fr4\Noel
> C:\Fr4\NoelLivingstone
> C:\Fr4\oconner
> 
> I can't seem to get rid of them. First, I was just deleting them. But I
> eventually noticed that they'd come back. Tried a number of times
> before starting to research it. The common issues seem to involve
> dropbox or folders that are shared. I don't have dropbox, and the
> folders aren't shared. One place that I found suggested "copy" the name
> of the folder, delete it, then make a new folder, pasting the name in.
> Then empty recycle bin and reboot, then delete the now empty folder. I
> did that for about 1/2 dozen folders and it worked. Those are now gone
> and haven't returned. So I started doing the rest of them (20 more).
> But it's not working for those.
> 
> I've even done these steps ONLY. IOW, boot up, do that routine, empty
> the recycle bin, then reboot. Not running any other programs like email
> etc.
> 
> On the Tech Support Guy List (http://www.techguy.org), which is not
> very active, one person asked, and I answered:
> 
> > 1. What operating system?
> 
> Vista - sorry, I thought I had put that down.
> 
> > 2. Has this computer ever had Nortons on it? Nortons does weird things
> > with its "protected" recycle bin. Even after Nortons has been
> > uninstalled, it can leave some of these strange remnants behind.
> 
> Only long enough to get the computer home when I bought it (2007).
> Uninstalled immediately (I hate Norton), then went through the registry
> and deleted Norton references. So, in effect, no.
> 
> > 4. Try right-click "delete on boot". This is included in several free
> > utilities such as Gipo Utilities, which will add this useful line to
> > your right-click menu.
> 
> While looking to see if I had this option, I discovered something. The
> entire Fr4 folder was read only. I've changed that, and will see if
> that works. If not:
> 
> > 3. What happens if you delete in Safe Mode?
> 
> Hmm, haven't thought to try that. After I get this email off, I'll try
> that if changing the read only option doesn't work (no idea how it got
> that way).
> 
> > 5. I assume that normal folders delete OK, and that this is associated
> > only with your "FR4 folders". Does FR4 mean anything---associated with
> > any particular program which might be protecting these folders? In W7,
> > for example, this type of behaviour can be associated with protected
> > system folders/files.
> 
> Yes and yes. FR4 is an old dos genealogy program (Family Roots version
> 4).
> I'm the only person in the world still providing support for it,
> getting the data into a format that can be imported to a windows
> genealogy program. No, it doesn't protect, and I've deleted client
> subfolders before, which makes the current behavior all the more
> puzzling.
> 
> Where I'm at now:
> 
> Safe mode and the read only part didn't do the trick, except
> temporarily. I changed C:\Fr4 to C:\Fr4b. Then I made a new folder
> C:\FR4 (the r being upper case) and dragged the things I need to keep
> into it. A reboot (last
> night) showed only the items I want in C:\FR4, and just the subfolders
> I don't want in C:\Fr4b. I couldn't do any more reboot testing last
> night, but I had deleted the subfolders from C:\Fr4b, leaving it empty.
> 
> I only did one other thing before shutting down for the night, which
> I'll explain in a minute. Then this morning, they are back again in
> C:\FR4. The folder has to have that name, I can't use C:\FR4b, but even
> if I could, that wouldn't solve the problem of C:\FR4 adding itself
> back in.
> 
> The one other thing is my nightly backup. I use SecondCopy to do "Exact
> copy, source to destination, delete obsolete files from destination"
> and these are the 3 "profiles" I use:
> C:\Users\Kathryn\AppData\Local\Microsoft\Outlook to
> I:\Vistamydocs\OutlookMail
> C:\Users\Kathryn\AppData\Local\Microsoft\Outlook
> to C:\Users\Kathryn\Documents\OutlookMail
> C:\Users\Kathryn\Documents (& subdirectories) to I:\Vistamydocs
> 
> As you see, nothing to do with C:\FR4.
> 
> Anybody got any ideas why this is happening and how I get rid of the
> subfolders I don't want?
> 
> Kathryn
> 
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
