Access Denied!

Discussion in 'Malware Help (A Specialist Will Reply)' started by KJqtpi, Mar 13, 2006.

  1. KJqtpi

    KJqtpi Private E-2

    My neighbors recently came to me for help with their laptop. They have never used anti-virus or anti-malware programs, for which I shamed them mercilessly. Nonetheless, I offered to help clean up their comp, given that it could still start up, so for the past week, I've removed thousands of infected files, including some very stubborn ones. I've installed anti-viral and anti-malware programs and seem to have gotten rid of everything but one pesky downloader in the guest temporary internet files.

    The problem is:

    The C:\Documents and Settings\guest folder is inaccessible, even in safe mode from the administrator account. The anti-malware programs can't delete the files; they find them, but just show errors when you try to fix/remove them, and I cannot get into the guest folder (even with Unlocker). The downloader(s) are called maxifilesdns[1].zip and maxifilesdns[2].zip and they are in the Temporary Internet Files folder of the guest account. I can search for them and find them, but cannot delete them because I get the same message: Access is denied. I've run HijackThis, no other viral programs seem to be running, and even in safe mode, I cannot remove the files with CCleaner, Disk Cleanup, or anti-virus/malware programs. Is there another tool I can use to get rid of this problem? Or some way to just delete the whole guest folder? I feel I've tried everything I know to try, and I've read through the posts looking for more help, but can't find anything that works. I suppose it could be a damaged or unreadable part of the hard disc... Help! Thanks so much!
     
  2. KJqtpi

    KJqtpi Private E-2

    Forgot to include the following:
    The comp is a Dell running WinXP, was SP1 w/no updates, now I've updated to current with SP2. It runs a Pentium 1.6GHz with 512MB of RAM. I have a suspicion that XP was installed post-production as the backup discs they gave me are all for older versions of windows, however, they bought the damn thing off eBay, so who knows.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Is the guest account currently enabled or disabled?

    If disabled, try temporarily enabling it and log in as the guest and see if you can delete the files. Make sure the files are not set to read-only. If you get the files deleted, make sure you disable the guest account afterwards.

    If the guest account is enabled, disable it (it should be anyway for security reasons). Then see what the status is trying to remove the files.

    What is the full path of the files you cannot delete?

    It is also possible that the files contain Alternate Data Streams (ADS) and you may need another tool to remove them. about:Buster may help.
     
    Last edited: Mar 13, 2006
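    The three things the reply above asks about (is the account enabled, are the files read-only, do they carry Alternate Data Streams) plus the usual cause of "Access is denied" (a Deny ACE or an owner other than the logged-on user) can be read off in one pass. This is an added diagnostic example, not a tool from the thread; it assumes PowerShell 5.1 or later and that $ProfileRoot / $Pattern are the profile folder and file names quoted in the thread. It only reads; it deletes nothing.

```powershell
# Added example (not from the thread). Assumes PowerShell 5.1+; $ProfileRoot and
# $Pattern are taken from the paths and names the poster reported.
$ProfileRoot = 'C:\Documents and Settings\guest'   # profile that returns Access Denied
$Pattern     = 'maxifiles*.zip'                     # matches maxifiles[1].zip, maxifilesdns[1].zip, ...

function Get-LockedFileReport {
    param([string]$Root, [string]$Filter)
    # -Force lists hidden/system entries; Explorer's hover tooltip ignores them,
    # which is why the folder can show as "empty" while a scanner still hits files in it.
    Get-ChildItem -Path $Root -Filter $Filter -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $acl = Get-Acl -Path $_.FullName -ErrorAction SilentlyContinue
        # Every stream other than the default ':$DATA' is an alternate data stream (ADS)
        $ads = Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' } |
               Select-Object -ExpandProperty Stream
        [pscustomobject]@{
            Path     = $_.FullName
            ReadOnly = $_.IsReadOnly                      # the attribute AbbySue suggests clearing
            Attrs    = $_.Attributes
            Owner    = if ($acl) { $acl.Owner } else { '<no access>' }
            DenyACEs = if ($acl) { @($acl.Access | Where-Object AccessControlType -eq 'Deny').Count } else { 'n/a' }
            ADS      = if ($ads) { $ads -join ',' } else { '' }
        }
    }
}

# Is the Guest account enabled? (Get-LocalUser ships with PowerShell 5.1 on Windows 10+)
Get-LocalUser -Name Guest -ErrorAction SilentlyContinue | Select-Object Name, Enabled

Get-LockedFileReport -Root $ProfileRoot -Filter $Pattern | Format-Table -AutoSize
```

    A row whose Owner is not the account you are logged on as, or whose DenyACEs is non-zero, explains the Access Denied message: ownership must be taken (Properties > Security > Advanced > Owner) before the file can be removed. A non-empty ADS column is the case the reply above points to about:Buster for.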
  4. KJqtpi

    KJqtpi Private E-2

    Thanks for the welcome! I was so happy to find this site in my researching all the infections this couple has. It will definitely come in handy for my own interests, though hopefully not for any more malware!

    So, when I got the comp the guest account was disabled, so, thinking that was the problem when I couldn't delete the files with a program or manually (in C:\Documents and Settings\guest\Local Settings\Temporary Internet Files\Content.IE5\BZDX1TTU\maxifilesdns[1].zip (and maxifilesdns[2].zip in same folder) (also ...Content.IE5\KZSRM147\maxifiles[1].zip and ...Content.IE5\UR0ZMBA9\maxifiles[1].zip)) I enabled the account. I tried again, both from Admin and the guest account, both with a program (SpySweeper, Norman Anti-Virus, Ccleaner, Disk Cleanup) and manually, but programs failed and I still got "Access Denied" from the folder (or whenever I would type the direct path into windows explorer). I can go up to the guest file in Docs and Settings, but no farther. I can search the files, find them, but when I try to delete or access their containing folder, I get "Access Denied." For a while I thought something was protecting it, so I've let it go thinking I'd get it once the other malware was gone, but now, it looks to be the only thing left. I guess the main thing is I cannot open/access any files in/beyond the guest file without getting the error message. Thanks so much for your help! I'm trying the Buster program now. Any other thoughts?
     
  5. AbbySue

    AbbySue MajorGeeks Administrator

    This may be a long shot but in the file properties are they marked read only? Sometimes changing that attribute will allow the files to be accessed/deleted. If you can locate them via search maybe you can access the properties and change the attribute that way?
     
  6. KJqtpi

    KJqtpi Private E-2

    Ok, two scans with About:Buster and nothing found. Not just nothing about my specific problem, but no files, no ADS found, which is good, I guess...

    I tried the Read Only thing before, but double checked and it's still not giving me access. Boooo. Gosh I wish that would've done it, though!
     
  7. KJqtpi

    KJqtpi Private E-2

    Ok, one more catch. When I hover over the guest folder, a dialogue box (you know the kind that tells you how many files are in the folder and what size the folder is) tells me the folder is empty. A virus scan is still picking up the files though. It seems I have a ghost file that claims to be malware in a subfolder that doesn't exist in a folder that cannot be accessed?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try using the below utility to see if you can navigate to the folder to delete the files. It is much better at finding things than Windows Explorer.

    ExplorerXP
     
  9. KJqtpi

    KJqtpi Private E-2

    Oh my goodness, that worked! I actually think it's finally gone. I had to delete and empty the recycle bin through the ExplorerXP, because doing it through the recycle bin as usual didn't work (Access Denied). Once I got those files, I deleted the superfluous guest account, and now I think I can give my neighbors their computer back. I wanted to know if you could see anything else that I may be missing, so I've attached a HijackThis log. I just want to be sure this comp is as clean as it can be before returning it! Thanks so much for all your help!!!
     

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, there are still problems in that log, but please note we have standard cleaning procedures (in the READ & RUN ME sticky) that must be followed before using HijackThis. HijackThis does not do a comprehensive job at showing possible malware problems on a PC. In fact it shows very little. That is why it is the last step in our procedure.
     
  11. KJqtpi

    KJqtpi Private E-2

    deleting restore points

    I have finished cleaning all the malware that I can find on this computer, and I did the disable/enable of System Restore and ran through all the other steps, but I still have folders in the C:\System Volume Information folder with names beginning with "_restore{lots of numbers/letters}". Are these restore points that should have been deleted with the System Restore step? Is it safe for me to delete these manually? They are quite large, one is 90.6MB, the other is 872MB. I have run antiviral and 3 types of malware programs each twice through with no snags... Thanks for the help!

    (WinXP machine, Dell, recent model, 1.6GHz, 512MB RAM)
     
  12. AbbySue

    AbbySue MajorGeeks Administrator

    Kelly, I merged your threads together. As you are still working on the same computer it is best to keep all information pertaining to that machine in one thread to avoid confusion.

    Also, as chaslang noted, there are still problems on that computer. It would be best if you posted the requested logs from the initial clean up so that he can check them to be sure.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: deleting restore points

    As I stated in my last message, your HJT log still indicated the system was infected and I said you need to run the READ & RUN ME sticky. If you do not know what that is, here it is:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you attach the two logs from step 6
    And then attach a new HJT log after following directions in step 7
     