Can't delete hidden folder

Started by OldEguy, February 06, 2018, 05:26:29 PM


OldEguy

About 4 months ago, I got a nasty virus on my computer (win32/fuery.b!cl).  I was able to finally clean it off after I found it hiding inside another folder.  I deleted the whole folder, so I thought.  I now have Kaspersky Internet Security running full time and haven't had any issues for 4 months.

A week ago, I was just looking around my hard drive and found the same folder that I thought I had deleted.  When I looked inside it, it had a few other folders (they were named ... (the triple dot punctuation)).  I looked at the folder properties just today and it now says that it has 0 files and 247 folders.  Before it only had 3 folders if I remember correctly.  It also says that it has 0 bytes and 0 byte size.

It's on my hard drive that I use for storage.  I thought I could move it to my desktop and then delete it but that only made another copy of the same file on my desktop that I now can't remove.  I'm logged onto my computer as the admin but I don't know if the folder knows that.

I'm fairly tech savvy but probably just enough to get myself in more trouble.  I've looked up solutions on multiple message boards but still can't seem to figure out how to get it off my computer.  How do I delete a hidden folder that's impossible to delete?  Any help for this old guy would be much appreciated.

BTW I tried using the Unlocker program and even it couldn't remove it.

patio

" Anyone who goes to a psychiatrist should have his head examined. "

OldEguy

Thanks for the help but that didn't help.  It's still there.

Allan

Please follow the instructions in the following link and post your logs in the thread you create (NOT in this thread):
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Hackoo

Hi  ;)
Maybe the folder is set as system and hidden by the virus?
Do you know exactly the whole path of this folder?
If yes, try to delete it from the command line.
First you should change the file attributes.
Open a cmd prompt and type:

  • Attrib -s -h -r "The whole path of your folder here"
  • RD /S /Q "The whole path of your folder here"
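
One way to check the system/hidden hypothesis above before running the destructive RD /S /Q step, as an added PowerShell example that is not part of the original post. It works on a constructed folder under %TEMP% (the folder name and the function Get-AttributeReport are hypothetical), reports which attributes are set, clears them with the attrib switches from the post, and then removes the folder.

```powershell
# Added example, not from the thread. Everything runs against a constructed
# folder under %TEMP%; substitute the real path only after reading the report.

function Get-AttributeReport {
    param([Parameter(Mandatory)][string]$Path)

    # Attributes that matter for the hypothesis in the post. ReparsePoint is
    # included because it marks a junction or symbolic link, not a plain folder.
    $watch = 'ReadOnly', 'Hidden', 'System', 'ReparsePoint'

    # -Force makes hidden and system items visible to the enumeration.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Force)

    foreach ($item in $items) {
        $set = $watch | Where-Object {
            $item.Attributes.HasFlag([IO.FileAttributes]$_)
        }
        [pscustomobject]@{
            Path       = $item.FullName
            IsFolder   = $item.PSIsContainer
            Attributes = ($set -join ',')
        }
    }
}

# Constructed sample: a folder with one subfolder, both marked
# system + hidden + read-only, as the post suspects the malware did.
$demo  = Join-Path $env:TEMP ('attr-demo-' + [guid]::NewGuid().ToString('N'))
$child = Join-Path $demo 'inner'
New-Item -ItemType Directory -Path $child | Out-Null
& attrib.exe +s +h +r $child
& attrib.exe +s +h +r $demo

'Before clearing attributes:'
Get-AttributeReport -Path $demo | Format-Table -AutoSize

# The same switches as in the post, applied to the folder and its child.
& attrib.exe -s -h -r $demo
& attrib.exe -s -h -r $child

'After clearing attributes:'
Get-AttributeReport -Path $demo | Format-Table -AutoSize

# RD /S /Q is a cmd.exe built-in, so it is called through cmd.exe here.
cmd.exe /c rd /s /q $demo
'Folder still present: ' + (Test-Path -LiteralPath $demo)
```

If the report for the real folder shows none of these attributes, the attrib step changes nothing and the cause of the failed delete lies elsewhere.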

OldEguy

I followed all the steps for malware removal and have attached the logs.
When I ran Malwarebytes, it found seven items I believe.  I then used the program to delete (not just quarantine) the viruses.  I ran Malwarebytes a second time and everything was clean.  However, when I tried to delete these hidden files, I still wasn't able to.

Again, my thanks for any help with this problem.

[attachment deleted by admin to conserve space]

Allan

I specifically asked you to post your logs in the malware forum, NOT in this thread. I'm moving this thread to the malware forum.

OldEguy

Allan,
I totally misunderstood you.  Please forgive me.

Allan

No problem. Please wait for Super Dave to respond.

SuperDave

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

Defragment your hard drive soon! If you need help with this, please let me know.(Do NOT defrag if SSD!)

ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

    Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
    Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):

        Enable detection of potentially unwanted applications;
        Scan archives;
        Scan for potentially unsafe applications;
        Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

    After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;
    Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
    After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
    Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
    Once you're done, click on the Back button;
    Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;
Windows 8 and Windows 10 dual boot with two SSD's

OldEguy

First, I feel like the biggest noob but it's best to be honest so you can best help me out with this issue.  I used the 30 day trial version instead of the online scanner.  I ran the scan and I'm posting the results below.

Log
Scan Log
Version of detection engine: 16874 (20180208)
Date: 2/8/2018  Time: 4:18:03 PM
Scanned disks, folders and files: C:\
C:\hiberfil.sys - unable to open [4]
C:\pagefile.sys - unable to open [4]

OldEguy

So posting 21 pages of a scan probably isn't going to be too helpful.  I'm posting the last part of the scan file that shows the only virus that was deleted - SunnyDigits

C:\Windows\System32\DriverStore\FileRepository\lgsfmouhid.inf_amd64_neutral_7704a84ec2ea5556\LkmdfCoInst.dll » CAB » Microsoft Kernel-Mode Driver Framework Install-v1.9-Vista.msu - archive damaged - the file could not be extracted.
C:\Windows\System32\DriverStore\FileRepository\lgsfusbfilt.inf_amd64_neutral_c58ae453c0b215ec\LkmdfCoInst.dll » CAB » Microsoft Kernel-Mode Driver Framework Install-v1.9-Vista.msu - archive damaged - the file could not be extracted.
C:\Windows\System32\LkmdfCoInst.dll » CAB » Microsoft Kernel-Mode Driver Framework Install-v1.9-Vista.msu - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\Inject.dll - a variant of Win32/SunnyDigits.A trojan - cleaned by deleting [1]
Number of scanned objects: 339462
Number of threats found: 1
Number of cleaned objects: 1
Time of completion: 4:46:43 PM  Total scanning time: 1720 sec (00:28:40)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

SuperDave

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Please give me an update on your computer.

OldEguy

SuperDave,

I tried to download the JavaRA.exe but the link you gave me sent me to a page that no longer exists.  I tried going to Control Panel>Programs>Programs and Features to see what version I had and there was no listing for Java at all.  Weird.  So using IE (since I couldn't use Chrome), I uploaded the newest version of Java.

I tried to delete the copy of the hidden folder that was on my desktop and it worked!  However, the original one that is still on my hard drive still won't come off.  (BTW, I checked to see if that drive needed defragging but it said that it was at 0% defragged.  My OS is on my primary drive which is an SSD.) 
When I looked at the Properties of the file, it says:
Size: 0 bytes
Size on disk:  0 bytes
Contains:  0 files, 257 folders

Nothing seems to be running oddly on my computer, but I haven't run any more scans per your request.

SuperDave

Quote: I tried to delete the copy of the hidden folder that was on my desktop and it worked!
You just deleted the shortcut.
Quote: It's on my hard drive that I use for storage.
I wouldn't worry too much about that folder especially if it's on your storage drive. Is there anything else?

OldEguy

If you're not worried about it then I'm not worried about it.  Thanks so much for the help!

SuperDave

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
***************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!