Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Windows 7 Windows 7
Search Search
Search for:
Tech Support Guy > > >

Deleting a folder that it says isn't there but is?


(!)

machv's Avatar
machv   (Neil) machv is offline machv has a Profile Picture
Computer Specs
Member with 347 posts.
THREAD STARTER
 
Join Date: May 2009
Location: Duncan BC Canada
Experience: Intermediate
30-Apr-2010, 06:38 PM #1
Exclamation Deleting a folder that it says isn't there but is?
i had a hacker so i reinstalled my OS. win7 created a folder called windows.old. after installing from scratch a folder called nexon was created i used to have a nexon game. also a folder that among other things had nircmd utility in it. i deleted folders nexon, windows.old, and folder that contained nircmd. as i did not want hacker to come back. i have nircmd folder in recycle bin can i get rid of it? i get conflicting research regarding this nircmd thing. Also windows.old was deleted completely except for a few folders and files basically folder pathe leading from c: to securerom and two files called ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ and ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ i can't read them they have no extension and notepad doesn't open it either it just does nothing. when i try to delete the windows.old folder i am told that it does not exist. i tried to encrypt the thing which i thught would stop any hacker access to whatever it does that didn't work but now the folder is in green text and all folders contained in it except files that are still black text. how can i get rid of them? I also tried using cmd.exe as administrator and tried del and del /f to no avail. what can i do?
BillVB's Avatar
BillVB BillVB is offline
Computer Specs
Member with 37 posts.
 
Join Date: Apr 2010
Experience: Advanced
30-Apr-2010, 08:41 PM #2
Try doing the same thing on CMD, but try these extensions:
del /f /q

Alternatively, try deleting the folder with a 3rd part shredder.
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
01-May-2010, 10:44 AM #3
Try a freeware such as Unlocker.
Follow the instructions on the site very carefully:
http://www.w7forums.com/use-chkdsk-check-disk-t448.html
The folder might have been a corrupted one.
BTW,
is this your pic?
BillVB's Avatar
BillVB BillVB is offline
Computer Specs
Member with 37 posts.
 
Join Date: Apr 2010
Experience: Advanced
01-May-2010, 10:53 AM #4
The files themselves do appear to be the remains of some kind of malicious activity or a temp file. As antech said above, Unlocker should be able to do the trick, and the above link also.

Otherwise, try scanning it with your AV, if there is any dodgyness then it should pick it up.
machv's Avatar
machv   (Neil) machv is offline machv has a Profile Picture
Computer Specs
Member with 347 posts.
THREAD STARTER
 
Join Date: May 2009
Location: Duncan BC Canada
Experience: Intermediate
01-May-2010, 11:28 AM #5
i just tried a couple shredders to no avail they either crash from trying to delete it or can't do it either way i cant get rid of them
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
02-May-2010, 06:21 AM #6
Quote:
Originally Posted by machv View Post
i just tried a couple shredders to no avail they either crash from trying to delete it or can't do it either way i cant get rid of them
Have you tried the link provided by me?
machv's Avatar
machv   (Neil) machv is offline machv has a Profile Picture
Computer Specs
Member with 347 posts.
THREAD STARTER
 
Join Date: May 2009
Location: Duncan BC Canada
Experience: Intermediate
02-May-2010, 12:20 PM #7
no i'll give them a shot and get back to you.
aka Brett's Avatar
Account Disabled with 16,918 posts.
 
Join Date: Nov 2008
02-May-2010, 12:30 PM #8
If one has had an infection etc.,they need to reformat...being you have a windows old folder you merely put on another copy of widows.
I would start over and format the drive then install windows.
machv's Avatar
machv   (Neil) machv is offline machv has a Profile Picture
Computer Specs
Member with 347 posts.
THREAD STARTER
 
Join Date: May 2009
Location: Duncan BC Canada
Experience: Intermediate
02-May-2010, 12:40 PM #9
ok. this sucks
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
03-May-2010, 02:44 AM #10
Quote:
Originally Posted by machv View Post
ok. this sucks
What sucks?
machv's Avatar
machv   (Neil) machv is offline machv has a Profile Picture
Computer Specs
Member with 347 posts.
THREAD STARTER
 
Join Date: May 2009
Location: Duncan BC Canada
Experience: Intermediate
03-May-2010, 01:38 PM #11
Quote:
Originally Posted by aka Brett View Post
If one has had an infection etc.,they need to reformat...being you have a windows old folder you merely put on another copy of widows.
I would start over and format the drive then install windows.
that is what sucks. that i have to reinstall everything. I did just that yesterday and made sure to format the drive before the install.

I never did manage to remove that folder and files. i tried everything that was suggested to no avail. On another note. I noticed that the nmap tcp scans and fin scans i was getting numerous times a daay have stopped since this install. they were still happening last install. but i have just started seeing something else happening this address 89.241.78.17 has tried to send a possible fragmentation attack by sending a suspiciously small fragment.
this is what http://www.whois.domaintools.com has to say about them.

inetnum: 89.241.0.0 - 89.243.255.255
netname: OPAL-DSL
descr: Opal Telecom DSL
country: GB
admin-c: PM58-RIPE
admin-c: GD1052-RIPE
tech-c: PM58-RIPE
tech-c: GD1052-RIPE
status: ASSIGNED PA
mnt-by: OPAL-MNT
source: RIPE # Filtered

person: Phill Magill
address: Opal Telecommunications Plc
address: Northbank Industrial Estate
address: Irlam
address: Manchester
address: M44 5BL
address: United Kingdom
phone: +44 161 222-2000
fax-no: +44 161 222-2008
Pookie's Avatar
Pookie Pookie is offline
Senior Member with 198 posts.
 
Join Date: Dec 2004
Experience: Intermediate
03-May-2010, 08:13 PM #12
boot up to your windows cd, choose repair, go to recovery console, then when in recovery console use the attrib command to remove the flags if needed, -a is archive, -s is system, -r is read only, -h is hidden. Once it is unhidden and deletable, delete your file or folder that is not shown in normal mode. When done exit recovery console and boot normally. Short tutorial on attrib -r removes the read only flag +r adds it, same with all the other flags + adds it and - removes it.
Best of luck.
jiml8's Avatar
Member with 2,634 posts.
 
Join Date: Jul 2005
Experience: I've been at this for too long.
03-May-2010, 11:27 PM #13
I guess at this point I am not clear about whether you did manage to eliminate the files through a reformat and reload, or whether you are still wrestling with it.

Regardless, there is a way which positively will work when every Windows method fails.

Obtain a Linux Live CD and boot with it. A Linux Live CD is a complete Linux distribution on a CD or DVD, that is bootable. It will run completely off of the CD and out of RAM, and won't touch your hard disk.

After booting into Linux, use any of the many available Linux tools to delete the files off of your Windows drive. It won't fail because Windows won't be running and any mechanisms employed to prevent Windows from changing or removing the files will be totally bypassed.

As for the fact that you are again seeing evidence of external attacks, you need to make sure your system is secured. A software firewall installed and running on your system is a BIG help, but the hands-down best way to do it is to set up a router between your Windows machine and the internet..

Personally, I believe that NO Windows computer should be allowed on the internet without a keeper, and a router is the best form of keeper. You can purchase one in any electronics or computer store and in many department stores, starting at about USD 30.
antech's Avatar
Computer Specs
Account Disabled with 1,427 posts.
 
Join Date: Feb 2010
Location: I cant live in one place!
Experience: Get all things wrecked up
04-May-2010, 03:00 AM #14
Follow the below Instructions Carefully:

1. Download Hijack this from the link.

(Choose the installer of HJT—Hijack This)

2. Run a Scan.

DO NOT FIX ANYTHING BY YOURSELF.

(Doing so when NOT Instructed Might cause Unwanted System Instability, BSOD's and Even Render your System Unusable)

3. Savea Log file (On your Desktop)

4. Copy and Paste all the contents.

5. Paste them in the Reply Window.

I am NOT an Authorized Malware Remover.

The Log is requested by me only for Optimization Purposes, troubleshooting and removing applications that are causing various problems such as Crashing, BSOD’s and Freezing and helping the poster remove any incompatible application/program and driver.

I will therefore NOT help if anything related to Malware is found in your log.

The thread will then be moved to the Malware Removal Forums for expert assistance.
machv's Avatar
machv   (Neil) machv is offline machv has a Profile Picture
Computer Specs
Member with 347 posts.
THREAD STARTER
 
Join Date: May 2009
Location: Duncan BC Canada
Experience: Intermediate
04-May-2010, 01:38 PM #15
here is the hijack log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:30 AM, on 5/4/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\shaw\bin\shawsupport.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: Shaw Support.lnk = C:\Program Files\shaw\bin\shawsupport.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 6067 bytes
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
deleting folders, windows.old folder

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
It Says Installing Updates but never shuts down nintendo9231889 Windows XP 3 17-Aug-2009 03:50 PM
Files in folders and subfolders saying "folders is empty" jimmyk311 Windows XP 2 18-Nov-2008 01:23 PM
Wireless says not connected but is Meteora21 Web & Email 3 23-Jan-2008 10:51 AM
It says I'm connected, but I can't browse on wireless me_kaa Networking 12 04-Oct-2007 05:27 PM
It says i'm connected, but explorer not working Kidrabbit Networking 18 27-Jul-2007 04:11 AM

WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2