Guest Bill B Posted April 12, 2008 Posted April 12, 2008 Windows Defender has found a "Backdoor:Win32 Agent" but when I ask to have it removed I receive error '0x80501001', couldn't complete the action successfully. I have located the file on my external hard drive and have tried to delete it manually (using right click from the mouse). Apparently the file is successfully deleted but when I go back into the folder it has re-appeared. Can anyone help me get rid of this file? Quote
Guest Man-wai Chang ToDie (33.6k) Posted April 12, 2008 Posted April 12, 2008 Bill B wrote:<span style="color:blue"> > Windows Defender has found a "Backdoor:Win32 Agent" but when I ask to have it > removed I receive error '0x80501001', couldn't complete the action > successfully. I have located the file on my external hard drive and have > tried to delete it manually (using right click from the mouse). Apparently > the file is successfully deleted but when I go back into the folder it has > re-appeared. Can anyone help me get rid of this file?</span> Boot into safe mode and try again. -- @~@ Might, Courage, Vision, SINCERITY. / v \ Simplicity is Beauty! May the Force and Farce be with you! /( _ )\ (Xubuntu 7.10) Linux 2.6.24.4 ^ ^ 19:16:01 up 11 days 27 min 1 user load average: 1.29 1.12 1.09 ? ? (CSSA): http://www.swd.gov.hk/tc/index/site_pubsvc...sub_addressesa/ Quote
Guest Man-wai Chang ToDie (33.6k) Posted April 12, 2008 Posted April 12, 2008 Bill B wrote:<span style="color:blue"> > Windows Defender has found a "Backdoor:Win32 Agent" but when I ask to have it > removed I receive error '0x80501001', couldn't complete the action > successfully. I have located the file on my external hard drive and have > tried to delete it manually (using right click from the mouse). Apparently > the file is successfully deleted but when I go back into the folder it has > re-appeared. Can anyone help me get rid of this file?</span> BTW, seems that the virus has been activated and locked the EXE.... I hope not. Boot into safe mode and scan that file again. -- @~@ Might, Courage, Vision, SINCERITY. / v \ Simplicity is Beauty! May the Force and Farce be with you! /( _ )\ (Xubuntu 7.10) Linux 2.6.24.4 ^ ^ 19:25:01 up 11 days 36 min 1 user load average: 1.01 1.08 1.08 ? ? (CSSA): http://www.swd.gov.hk/tc/index/site_pubsvc...sub_addressesa/ Quote
Guest Bill B Posted April 12, 2008 Posted April 12, 2008 I've tried again in Safe Mode but unfortunately the problem is still there. Any other suggestions would be welcome "Man-wai Chang ToDie (33.6k)" wrote: <span style="color:blue"> > Bill B wrote:<span style="color:green"> > > Windows Defender has found a "Backdoor:Win32 Agent" but when I ask to have it > > removed I receive error '0x80501001', couldn't complete the action > > successfully. I have located the file on my external hard drive and have > > tried to delete it manually (using right click from the mouse). Apparently > > the file is successfully deleted but when I go back into the folder it has > > re-appeared. Can anyone help me get rid of this file?</span> > > BTW, seems that the virus has been activated and locked the EXE.... I > hope not. Boot into safe mode and scan that file again. > > -- > @~@ Might, Courage, Vision, SINCERITY. > / v Simplicity is Beauty! May the Force and Farce be with you! > /( _ ) (Xubuntu 7.10) Linux 2.6.24.4 > ^ ^ 19:25:01 up 11 days 36 min 1 user load average: 1.01 1.08 1.08 > ? ? (CSSA): > http://www.swd.gov.hk/tc/index/site_pubsvc...sub_addressesa/ > </span> Quote
Guest Bob Posted April 12, 2008 Posted April 12, 2008 I suspect the file has in fact been deleted, however "Indexing" doesn't know it. If you Rebuild the Index you won't see it again. How to Rebuild Windows Vista Search Index http://www.wikihow.com/Rebuild-Windows-Vista-Search-Index ------- Report back, please "Bill B" <BillB@discussions.microsoft.com> wrote in message news:D6CABCEE-3BEF-47CC-A61C-90E466D8C3D6@microsoft.com...<span style="color:blue"> > I've tried again in Safe Mode but unfortunately the problem is still > there. > Any other suggestions would be welcome > > "Man-wai Chang ToDie (33.6k)" wrote: ><span style="color:green"> >> Bill B wrote:<span style="color:darkred"> >> > Windows Defender has found a "Backdoor:Win32 Agent" but when I ask to >> > have it >> > removed I receive error '0x80501001', couldn't complete the action >> > successfully. I have located the file on my external hard drive and >> > have >> > tried to delete it manually (using right click from the mouse). >> > Apparently >> > the file is successfully deleted but when I go back into the folder it >> > has >> > re-appeared. Can anyone help me get rid of this file?</span> >> >> BTW, seems that the virus has been activated and locked the EXE.... I >> hope not. Boot into safe mode and scan that file again. >> >> -- >> @~@ Might, Courage, Vision, SINCERITY. >> / v Simplicity is Beauty! May the Force and Farce be with you! >> /( _ ) (Xubuntu 7.10) Linux 2.6.24.4 >> ^ ^ 19:25:01 up 11 days 36 min 1 user load average: 1.01 1.08 1.08 >> ? ? (CSSA): >> http://www.swd.gov.hk/tc/index/site_pubsvc...sub_addressesa/ >> </span></span> Quote
Guest Malke Posted April 12, 2008 Posted April 12, 2008 Bob wrote: <span style="color:blue"> > I suspect the file has in fact been deleted, however "Indexing" doesn't > know it. If you Rebuild the Index you won't see it again. > > How to Rebuild Windows Vista Search Index > http://www.wikihow.com/Rebuild-Windows-Vista-Search-Index</span> Actually it is probable that the file has not been deleted and that the OP has one of the many types of malware that is respawning. Malke -- MS-MVP Elephant Boy Computers www.elephantboycomputers.com Don't Panic! Quote
Guest Malke Posted April 12, 2008 Posted April 12, 2008 Bill B wrote: <span style="color:blue"> > I've tried again in Safe Mode but unfortunately the problem is still > there. Any other suggestions would be welcome</span> You have something that is respawning. Go through these general malware removal steps systematically - http://www.elephantboycomputers.com/page2....emoving_Malware Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. Please see the special Notes regarding using Multi_AV in Vista. http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions http://tinyurl.com/yoeru3 - download link and more instructions You can also check to see if there are targeted removal steps for your malware here: Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html When all else fails, get guided help. Choose one of the specialty forums listed at the first link. Register and read its posting FAQ. You will generally be asked to: 1. Download and execute HiJack This! (HJT) - http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe 2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word wrap" 3. Download/run Deckard's System Scanner - http://www.techsupportforum.com/sectools/Deckard/dss.exe 4. Save the scan results (Main.txt and Extra.txt) 5. And then post the contents of Main.txt and Extra.txt in your post at the forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS. Standard disclaimer: I can't see and test your computer myself, so these are just suggestions based on many years of being a professional computer tech; suggestions based on what you've written. You should not take my suggestions as a definitive diagnosis. If you can't do the work yourself (and there is no shame in admitting this isn't your cup of tea), take the machine to a professional computer repair shop (not your local equivalent of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. If possible, have all your data backed up before you take the machine into a shop. Malke -- MS-MVP Elephant Boy Computers www.elephantboycomputers.com Don't Panic! Quote
Guest Bill B Posted April 14, 2008 Posted April 14, 2008 Malke, Many thanks for your help. I eventually managed to remove the file by using the 'File ASSASSIN' function in Malwarebytes' Anti-Malware software. I'll cetainly refer to your suggestions again should I ever get caught again. Cheers Bill B (Brit in France) "Malke" wrote: <span style="color:blue"> > Bill B wrote: > <span style="color:green"> > > I've tried again in Safe Mode but unfortunately the problem is still > > there. Any other suggestions would be welcome</span> > > You have something that is respawning. Go through these general malware > removal steps systematically - > http://www.elephantboycomputers.com/page2....emoving_Malware > > Include scanning with David Lipman's Multi_AV and follow instructions to do > all scans in Safe Mode. Please see the special Notes regarding using > Multi_AV in Vista. > > http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions > http://tinyurl.com/yoeru3 - download link and more instructions > > You can also check to see if there are targeted removal steps for your > malware here: > Bleeping Computer removal how-to's - > http://www.bleepingcomputer.com/forums/forum55.html > > When all else fails, get guided help. Choose one of the specialty forums > listed at the first link. Register and read its posting FAQ. You will > generally be asked to: > > 1. Download and execute HiJack This! (HJT) - > http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe > > 2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word > wrap" > > 3. Download/run Deckard's System Scanner - > http://www.techsupportforum.com/sectools/Deckard/dss.exe > > 4. Save the scan results (Main.txt and Extra.txt) > > 5. And then post the contents of Main.txt and Extra.txt in your post at the > forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS. > > Standard disclaimer: I can't see and test your computer myself, so these are > just suggestions based on many years of being a professional computer tech; > suggestions based on what you've written. You should not take my > suggestions as a definitive diagnosis. If you can't do the work yourself > (and there is no shame in admitting this isn't your cup of tea), take the > machine to a professional computer repair shop (not your local equivalent > of BigComputerStore/GeekSquad). Please be aware that not all local shops > are skilled at removing malware and even if they are, your computer may be > so infested that Windows will need to be clean-installed. If possible, have > all your data backed up before you take the machine into a shop. > > Malke > -- > MS-MVP > Elephant Boy Computers > www.elephantboycomputers.com > Don't Panic! > </span> Quote
Guest Malke Posted April 14, 2008 Posted April 14, 2008 Bill B wrote: <span style="color:blue"> > Malke, > Many thanks for your help. I eventually managed to remove the file by > using the 'File ASSASSIN' function in Malwarebytes' Anti-Malware software. > I'll cetainly refer to your suggestions again should I ever get caught > again. Cheers</span> Glad to hear you got things sorted. Yes, the Malwarebytes programs are my new Best Friends. ;-) Thanks for taking the time to let me know you're OK now. Malke -- MS-MVP Elephant Boy Computers www.elephantboycomputers.com Don't Panic! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.