Can't delete a folder, possibly a virus?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Liam, Apr 24, 2006.

  1. Liam

    Liam Private E-2

    I've recently discovered a folder in My Documents titled 'New Folder' which I just cannot delete. I don't know how long it's been on my computer, but thus far it hasn't done any noticeable damage but I want to get rid of it and can't for some reason. When I try to delete it by right clicking on it and going to delete I get the error message saying 'Windows Explorer Has Encountered a Problem and Needs to Close'. When I try and scan it with Norton it freezes the Norton scanner and that encounters an error and must close. Same with Ad-Aware, SpyBot and Ewido. I've tried putting it in quarantine with Norton but Norton abruptly closes itself. I've tried right clicking and going to properties to see if there's anything that can be done but it makes Windows Explorer close. I've tried going into Safe Mode and deleting it but the task bar disappears and Safe Mode starts from the beginning. I've tried scanning it in Safe Mode but the same thing happens as in the normal mode. I've pretty much done everything I can think of to get rid of it, but it's so damn tenacious that I've developed a begrudging respect for it.

    I wouldn't mind so much, but it prevents me from carrying out any full system scans with Norton or my spyware software because once the scan gets to that particular file, it cocks it all up, which prevents me from fixing some other problems I've got with my computer at the moment. Still, the fact remains that it's on my computer and refuses to leave.

    I don't know if it's doing damage, if it will do damage in the future or whether it is just designed to drive me slowly insane, but any ideas on how I could get rid of it would be greatly appreciated.

    I'm running Windows XP, Service Pack 1 if that helps at all.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MajorGeeks!

    Please first try running a disk Error check on your hard disk. Just right click on the drive letter in My Computer and select Properties and then Tools. When you see Error-checking, click the Check now button and check both check boxes. Then click Start. Let me know the results.
     
  3. Liam

    Liam Private E-2

    Ok I did that but the file is still there and all the symptoms I described in my previous post are still occurring. At the end it just said something like 'Volume is clean'.

    I've also followed all the steps I could in the sticky guide on the front page. I wasn't able to complete a Full Scan with Ad-Aware because of the reasons given previously, Windows Malicious Software Removal Tool kept F'ing up on different files, the online BitDefender file kept encountering fatal errors, and you have to pay for the PandaScan to remove anything apparently. Still, here are the log files from all of the scans, and my hijackthis file, which I've attached to this post.

    Still, I'm not sure how much you'll be able to tell me from that. The problem isn't seemingly active, it's just a file that I can't interact with in the slightest. CounterSpy was able to scan it (unlike all the others) and I caught a glimpse of one of the file names inside, 'doggy****'. I can assure you that I've not been downloading bestiality files, so I can only assume that the file has been put onto my computer through external means, but it doesn't exhibit any malicious tendencies until I try and do something to it.

    Any help would be appreciated...
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    While I'm not sure they have anything to do with your New Folder problem, it is a good thing you ran the scans. You had a bunch of malware that needed to be fixed. And you still have some. A Wareout infection is still present. In addition, you have components of three antivirus applications still showing in your log and only one must be used. I see F-Secure, Symantec, and PC-Cillin. We need to remove the F-Secure and PC-Cillin components as it looks like the only one you use is Symantec. The below steps will use the simple steps first (which may not work since there are services to be killed).

    However before continuing with the below, please go back and follow the directions in step 7 of the READ ME. You are running HijackThis exactly from where we specify not to run it.

    Download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    You have a Wareout infection!

    Look in Add/Remove programs for UnSpyPC and uninstall if found.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe
    • Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
    • Click Next, then Install.
    • Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
    • The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
    • Your system may take longer than usual to load; this is normal.
    • When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
    O4 - HKLM\..\Run: [Workflow] E:\Workflow.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8ABA0A84-09B3-40C2-8732-D1373B09882A}: NameServer = 85.255.115.51
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E49E80BB-2427-4B24-B33F-8EACD11EF4A0}: NameServer = 85.255.115.51
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe (file missing)
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe (file missing)


    After clicking Fix Checked, close HijackThis, and click OK to proceed.

    At the end of the fix, reboot into safe mode and use Windows Explorer to double check for the below files and delete if found:
    C:\Program Files\UnSpyPC <--- delete the whole folder if found
    C:\Program Files\F-Secure <--- delete the whole folder if found
    C:\Program Files\Trend Micro <--- delete the whole folder if found
    C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url

    Also see if you can now right click on the New Folder and select Delete.


    Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

    There could be additional cleanup to do from Wareout and the log will let us know.

    Also attach a new HijackThis log.

    If you could not delete the New Folder then download, install and try using the below to delete it. First just locate the folder in the Right window pane and left click on it once just to get it selected. Then click on Edit in the top menu and select Delete Permanently

    ExplorerXP

    Let me know the results.

    Also tell me how things are working now.
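
A triage sketch for the kind of HijackThis entries listed in the post above, added here as an example and not part of the original thread or of HijackThis itself. It flags O17 NameServer values that are not on an allow-list of resolvers you expect, and lists entries marked "(file missing)", reducing O23 entries to the service's short name in parentheses. The function names and the `trusted` allow-list are assumptions made for this example.

```python
import re

# Sample input: the HijackThis entries listed in the post above (not a full log).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O4 - HKLM\..\Run: [Workflow] E:\Workflow.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ABA0A84-09B3-40C2-8732-D1373B09882A}: NameServer = 85.255.115.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{E49E80BB-2427-4B24-B33F-8EACD11EF4A0}: NameServer = 85.255.115.51
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe (file missing)
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O17 - <body>"
NAMESERVER = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")
SERVICE = re.compile(r"^Service: (.*) \((.*?)\) - (.*?) - (.*)$")

def parse(log):
    """Yield (section, body) for every well-formed entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def dns_overrides(log, trusted=()):
    """Map interface GUID -> resolvers set in O17 entries that are not in `trusted`."""
    found = {}
    for section, body in parse(log):
        m = NAMESERVER.search(body) if section == "O17" else None
        if m:
            bad = [ip for ip in re.split(r"[,\s]+", m.group(2).strip()) if ip not in trusted]
            if bad:
                found[m.group(1)] = bad
    return found

def orphaned(log):
    """Entries whose target file is gone; O23 entries give the service short name."""
    out = []
    for section, body in parse(log):
        if body.endswith("(file missing)"):
            m = SERVICE.match(body) if section == "O23" else None
            out.append((section, m.group(2) if m else body.split(" - ")[0]))
    return out

if __name__ == "__main__":
    print(dns_overrides(SAMPLE), orphaned(SAMPLE))
```

Pass the resolvers your router or ISP actually hands out as `trusted`; anything else that appears under a per-interface NameServer value is worth checking before it is fixed.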
     
  5. Liam

    Liam Private E-2

    Well, that worked a treat. I've managed to delete all the weird files in New Folder>Incomplete apart from two. When I right click on them there is no delete option, they don't delete through Norton, I can't quarantine them and that ExplorerXP encounters an error and must close when I try to use that. Any other suggestions on how to get rid of the last two files?

    Either way, you've been a massive help so far. Here are the two log files from hijackthis and fixwareout, attached (I think I'm running HJT from the correct location now)
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The items I asked you to fix are still showing in your HijackThis log. This means one of the following:
    1) You are still infected or got reinfected
    2) You forgot to click Fix checked after selecting the lines
    3) Something is blocking the fixes

    Try fixing those lines again and make sure they go away. If they do not go away, shut down all protection software (like Ewido, CounterSpy, Symantec etc) and then try fixing them.

    Let me know the results.
     
  7. Liam

    Liam Private E-2

    My internet connection is running much quicker now, but those two files are still in the New Folder, and those other virus programs refuse to go away in the HJT scan no matter what I close. Any thoughts?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume CounterSpy & Ewido are the free trials from our READ ME. If so, uninstall both of them and reboot. Then continue with the below steps.

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to F-Secure Automatic Update... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Now repeat the above stop and disable for the following services:
    PC-cillin PersonalFirewall
    Trend NT Realtime Service

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press "OK":

    BackWeb Client - 7681197

    Now repeat the Delete NT Service steps for:
    PCCPFW
    Tmntsrv

    If you receive any error messages just ignore them and continue.

    Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.


    Copy the bold text below to notepad. Save it as fixVundo.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.
    Now reboot into safe mode and locate the below folders and delete them if found:
    C:\Program Files\F-Secure
    C:\Program Files\Trend Micro

    Now reboot into normal mode and attach a new HJT log.
    Also run the below procedure and attach the runkeys.txt log.

    Using GetRunKey


    Also please give me the FULL PATH to the problem folder! For example it should be something like below:
    C:\Documents and Settings\username\My Documents\New Folder

    Where username is the user account login name.
     
  9. Liam

    Liam Private E-2

    There you go, text files attached.

    The full file path of the problem folder is:

    C:\Documents and Settings\Carlisle Clan\My Documents\New Folder

    It's got a folder within a folder, the path of that is:

    C:\Documents and Settings\Carlisle Clan\My Documents\New Folder\Incomplete

    and the two files I can't delete are in the incomplete folder.
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Before worrying about that folder, I want to get rid of all traces of malware that are being detected. So let's do the below.
    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Now look for the below file and if found, delete it.
    C:\WINDOWS\System32\st3.dll

    Then reboot and attach a new runkeys.txt log.
     
  11. Liam

    Liam Private E-2

    Couldn't find C:\WINDOWS\System32\st3.dll
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that fixed the remaining malware problems you were having.

    Now run ExplorerXP and locate:

    C:\Documents and Settings\Carlisle Clan\My Documents\New Folder\Incomplete

    Then select one of the files in the Incomplete folder. Do not use right click! Just select it and then at the top menu click Edit and select Delete Permanently. Does this work? If not, please see if you can reboot your PC into what is called Safe Mode with Command Prompt. If so, when the PC comes up you will just have a big command prompt window and Windows itself is not truly running. Enter the below commands each followed by the enter key.

    cd C:\Documents and Settings\Carlisle Clan\My Documents\New Folder\Incomplete

    MAKE SURE THAT THE COMMAND LINE PROMPT CHANGES TO SHOW THAT you are in the above folder. DO NOT CONTINUE unless the prompt shows that you are in this problem folder.

    attrib -r -h -s *.*
    del *.* <--- say yes to the confirmation prompt
    cd ..
    attrib -r -s -h *.*
    rd Incomplete

    del *.* <--- say yes to the confirmation prompt
    cd ..
    rd "New Folder" <--- you need the quotes
    exit

    If typing exit does not restart your PC, try typing explorer and see if your Desktop appears. If so, reboot. Then come back and tell me what happened.



     
  13. Liam

    Liam Private E-2

    I managed to delete the contents of the file with the command prompt but the other lines didn't work so I started explorer.exe and deleted the empty files manually, and it's all gone now. Is there anything else I should do or has this week long project come to an end?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  15. Liam

    Liam Private E-2

    I don't currently have Service Pack 2 installed. I did, but I remember I kept having problems with Dr Watson. I don't remember exactly what happened, but I seem to remember a few programs not working and something else being wrong, which was the reason I uninstalled it. Have they fixed those problems yet, or do I just have to suffer them for better security?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What problems? You would have to be more specific and you would also probably have to ask in the Software Forum if you had problems with certain applications. Most people have very few problems. If you try to update while malware is present, you definitely can run into big problems.

    You can still follow all the other steps even before you decide what to do about SP2.
     
