Hello, first of all, I hope this is the right place on this forum to post this. I looked around, and decided to post it here. If it belongs somewhere else, sorry and let me know.
---------------------------
Here's my question:
I have a problem with 2 infected DLL files (trojans) on one of my PCs (Windows XP professional SP2).
The first file is called c:\windows\system32\batmete.dll. When I try to delete it (even in safe mode), I get an 'Access Denied' error. I know AVG isn't the best, but it fails to remove the file after detection even though it says it will after reboot. I don't know if there is a rootkit, or what, but I cannot get it deleted.
The second file is called c:\windows\system32\efedc.dll. It is the same case as above (unable to delete) except the error is 'This file is being used by another program.' When I viewed a tasklist /m command on the cmd-line, I noticed that winlogon.exe and explorer.exe are using efedc.dll as a module. The problem is that winlogon.exe cannot be shut down without shutting the whole system down. It won't allow me to kill the process, but even if I could get it killed somehow, the operating system then wouldn't be running for me to delete the file with. I'm assuming winlogon.exe is a very essential part of the running Windows operating system, so shutting it down means the operating system wouldn't work... right? Let me know if I'm wrong because I don't know everything.
Anyway, I was wondering if the following is possible:
I would like to plug my hard drive (let's call it H1) into a separate computer (with hard drive H2) so that the system files on H1 wouldn't be running the system they make up. The operating system on H2 would be running, therefore, the system files on H1 would, again, not be running or holding access to other files on H1. This would allow me to delete the DLL files off H1, just like a jump drive, using the system running on H2. In other words, I'd like to treat the infected hard drive like a jump drive by plugging it into another computer, then delete the infected files I mentioned above. How could I accomplish this if possible? I would also like to safeguard against infecting H2.
Also, let me know if there is a different way to remove these files.
Thanks for your help.
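Added example (not part of the forum post, and not a tool from any product mentioned in it): two small Python helpers for the situation described above. The first parses the text that `tasklist /m` prints, the command the poster ran, and reports which processes have a given DLL mapped; a DLL that shows up there is in use by a live process, which is exactly why an in-place delete fails. The second does the offline step the poster is asking about: once H1 is attached to the clean machine as a plain data volume (its own Windows is not running, so nothing on it holds the files open), the suspect files are moved into a quarantine folder under a new extension and their SHA-256 hashes are recorded, rather than being deleted outright. The `tasklist` text, the volume layout and the placeholder file contents are all constructed for the demo; only the two file names come from the post.

```python
"""Triage helpers for an infected disk attached to a clean host.

processes_using()          -> which live processes have a DLL loaded
                              (parses `tasklist /m` output)
quarantine_offline_files() -> move files off a mounted, non-booted volume
                              into quarantine and record their hashes
"""
import hashlib
import json
import re
import shutil
import tempfile
from pathlib import Path

# Constructed sample of `tasklist /m` output. Each process line is
# "image  PID  modules"; wrapped module lists continue on indented lines.
SAMPLE_TASKLIST_M = """\
Image Name                     PID Modules
========================= ======== ============================================
System Idle Process              0 N/A
winlogon.exe                   624 ntdll.dll, kernel32.dll, ADVAPI32.dll,
                                   efedc.dll, USER32.dll
explorer.exe                  1432 ntdll.dll, kernel32.dll, efedc.dll,
                                   SHELL32.dll
svchost.exe                    812 ntdll.dll, kernel32.dll
"""

# image name (may contain spaces), whitespace, PID, whitespace, module list
_PROC_RE = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<mods>.*)$")


def parse_tasklist_modules(text):
    """Return {module_name_lower: [(image, pid), ...]} from `tasklist /m` text."""
    loaded = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue  # blank line or column header
        if line[0].isspace():
            mods = line  # continuation of the previous process's module list
        else:
            m = _PROC_RE.match(line)
            if not m:
                continue
            current = (m.group("image").strip(), int(m.group("pid")))
            mods = m.group("mods")
        if current is None:
            continue
        for mod in mods.split(","):
            mod = mod.strip()
            if mod and mod != "N/A":
                loaded.setdefault(mod.lower(), []).append(current)
    return loaded


def processes_using(text, dll_name):
    """Processes that have dll_name mapped; an in-place delete will fail while any exist."""
    return parse_tasklist_modules(text).get(dll_name.lower(), [])


def quarantine_offline_files(volume_root, relative_paths, quarantine_dir):
    """Move suspect files from a mounted, NON-booted volume into quarantine_dir.

    The files get a .quarantined suffix so they are no longer a loadable DLL
    name, and a manifest.json records original path + SHA-256 for later
    analysis. Nothing on the volume is executed. Returns the manifest list.
    """
    volume_root = Path(volume_root)
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for rel in relative_paths:
        src = volume_root / rel
        if not src.is_file():
            manifest.append({"path": rel, "status": "missing"})
            continue
        digest = hashlib.sha256(src.read_bytes()).hexdigest()  # hash before moving
        dest = quarantine_dir / (src.name + ".quarantined")
        shutil.move(str(src), str(dest))
        manifest.append({"path": rel, "sha256": digest,
                         "quarantined_as": dest.name, "status": "moved"})
    (quarantine_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def demo_quarantine():
    """Build a throwaway fake H1 volume (placeholder bytes, not real DLLs),
    quarantine the two names from the post plus one that does not exist."""
    base = Path(tempfile.mkdtemp(prefix="h1demo_"))
    vol = base / "H1"
    sys32 = vol / "WINDOWS" / "system32"
    sys32.mkdir(parents=True)
    (sys32 / "batmete.dll").write_bytes(b"placeholder-not-a-real-dll-1")
    (sys32 / "efedc.dll").write_bytes(b"placeholder-not-a-real-dll-2")
    targets = ["WINDOWS/system32/batmete.dll", "WINDOWS/system32/efedc.dll",
               "WINDOWS/system32/missing.dll"]
    manifest = quarantine_offline_files(vol, targets, base / "quarantine")
    still_there = [t for t in targets[:2] if (vol / t).exists()]
    return manifest, still_there


if __name__ == "__main__":
    print("efedc.dll loaded by:", processes_using(SAMPLE_TASKLIST_M, "efedc.dll"))
    print(json.dumps(demo_quarantine()[0], indent=2))
```

On the clean host, `volume_root` would be whatever letter or mount point H1 receives (for example `E:\` on Windows, or `/mnt/h1` on a Linux rescue disk) and the relative paths stay `WINDOWS/system32/...`; the volume is only read from and moved out of, never booted or browsed by double-clicking, which is what keeps H2 from picking anything up. Keeping the quarantined copies and their hashes also lets you check them against a second scanner later instead of losing the only evidence of what was there.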