Author Topic: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!  (Read 33820 times)


cla11826

  • Guest
Hello All,

I am using Avast and ran a scan and Avast found 4 threats. 3 will delete and one will not. The one that will not delete is the "C:\windows\assembly\gac_32\desktop.ini" file.

Can anyone help me figure out how to delete the file?

Thanks!

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #1 on: April 17, 2013, 08:20:22 AM »
Hey, and welcome to the forum.

Please follow this and attach your logs:

http://forum.avast.com/index.php?topic=53253.0

PS: it's better to move to the chest rather than delete.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #2 on: April 17, 2013, 10:26:51 AM »
can you tell us what avast say about those files?
a screenshot would help...

cla11826

  • Guest
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #3 on: April 17, 2013, 03:49:12 PM »
Hello Mikaelrask, and thank you for the welcome. I will use the link you provided and attach my logs.

@pondus, here is what Avast tells me about the scan results.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #4 on: April 17, 2013, 04:09:36 PM »
It seems you have a ZeroAccess rootkit infection...
You need a removal expert to kill this, so attach the requested logs.
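The file named in the title sits under a Microsoft-owned path and the poster cannot delete it. Before handing the machine to a removal expert, the useful thing is to establish what that file actually is and why the delete fails, without touching it. The script below is an added triage example, not code from this thread, Avast, AdwCleaner or OTL. It assumes Windows PowerShell 3.0 or later run from an elevated prompt, and it only reads: size and attributes, owner and any explicit Deny ACEs (a common reason a delete fails even as Administrator), the first two bytes (a genuine desktop.ini is a small text file starting "[.ShellClassInfo]", whereas an EXE/DLL starts with "MZ"), and the Authenticode status. The function is written for any path, so the same check can be run against any other file a scanner flags.

```powershell
# Added triage example; not from the thread or any tool it mentions.
# Read-only: nothing here deletes, moves or quarantines the file.
# Assumes Windows PowerShell 3.0+ in an elevated session.

function Test-FlaggedDesktopIni {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $r = [ordered]@{
        Path        = $Path
        Exists      = (Test-Path -LiteralPath $Path -PathType Leaf)
        SizeBytes   = $null
        Attributes  = $null
        LastWrite   = $null
        Owner       = $null
        DenyAces    = @()
        Header      = $null
        LooksLikePE = $false
        Signature   = $null
        Errors      = @()
    }
    if (-not $r.Exists) { return [pscustomobject]$r }

    # -Force is required: the file may carry Hidden/System attributes.
    try {
        $item = Get-Item -LiteralPath $Path -Force
        $r.SizeBytes  = $item.Length
        $r.Attributes = $item.Attributes.ToString()
        $r.LastWrite  = $item.LastWriteTime
    } catch { $r.Errors += "Get-Item: $($_.Exception.Message)" }

    # Explicit Deny entries on the object itself block deletion regardless of group membership.
    try {
        $acl = Get-Acl -LiteralPath $Path
        $r.Owner    = $acl.Owner
        $r.DenyAces = @($acl.Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
    } catch { $r.Errors += "Get-Acl: $($_.Exception.Message)" }

    # Magic-byte check: 4D 5A ("MZ") means a PE image, not shell folder metadata.
    try {
        $fs = [System.IO.File]::Open($Path,
            [System.IO.FileMode]::Open,
            [System.IO.FileAccess]::Read,
            [System.IO.FileShare]::ReadWrite)
        try {
            $buf = New-Object byte[] 2
            $n = $fs.Read($buf, 0, 2)
        } finally { $fs.Dispose() }
        if ($n -eq 2) {
            $r.Header      = ('{0:X2} {1:X2}' -f $buf[0], $buf[1])
            $r.LooksLikePE = ($buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
        }
    } catch { $r.Errors += "Read: $($_.Exception.Message)" }

    # Returns NotSigned for plain text; an unsigned PE under C:\Windows is worth escalating.
    try {
        $r.Signature = (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
    } catch { $r.Errors += "Signature: $($_.Exception.Message)" }

    return [pscustomobject]$r
}

# The path from the thread title.
Test-FlaggedDesktopIni -Path 'C:\windows\assembly\gac_32\desktop.ini' | Format-List
```

If LooksLikePE comes back true, or the read itself is denied while Get-Acl shows Deny entries, that is consistent with the thread's advice: stop, leave the file for quarantine rather than deletion, and let the removal expert work from the requested logs. Any error recorded in Errors (access denied, sharing violation) is itself a finding, since a real desktop.ini is readable by everyone.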


cla11826

  • Guest
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #5 on: April 18, 2013, 04:05:51 PM »
Hello Mikaelrask & Pondus, sorry for the delay.

Here is my AdwCleaner log.

# AdwCleaner v2.200 - Logfile created 04/18/2013 at 09:57:32
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[S1].txt - [385 octets] - [18/04/2013 09:51:56]
AdwCleaner[S2].txt - [6110 octets] - [18/04/2013 09:57:32]

########## EOF - C:\AdwCleaner[S2].txt - [6170 octets] ##########

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #6 on: April 18, 2013, 04:07:36 PM »
Attach the rest of the logs... not copy and paste.


cla11826

  • Guest
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #7 on: April 18, 2013, 04:24:40 PM »
Ok. Working on the rest right now.

cla11826

  • Guest
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #8 on: April 18, 2013, 04:52:26 PM »
Here are the AdwCleaner log and the malware log, attached. I will attach the OTL logs in a few minutes.

cla11826

  • Guest
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #9 on: April 18, 2013, 04:55:49 PM »
Here are the two OTL logs.

cla11826

  • Guest
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #10 on: April 18, 2013, 05:19:41 PM »
Currently working on the aswMBR log.

cla11826

  • Guest
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #11 on: April 18, 2013, 05:22:36 PM »
Here is the aswMBR log attached.

cla11826

  • Guest
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #12 on: April 18, 2013, 05:27:23 PM »
What should I do next?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #13 on: April 18, 2013, 05:49:01 PM »
Quote from: cla11826
What should I do next?

You wait for Essexboy to arrive...

cla11826

  • Guest
Re: Cannot delete "C:\windows\assembly\gac_32\desktop.ini" HELP!!!
« Reply #14 on: April 18, 2013, 05:49:28 PM »
Ok. Will do.