How to handle a virus file that cannot be deleted (virus removal)

Source: Internet
Author: User
Tags: file permissions
With the spread of unlimited broadband, many people leave their computers running 24 hours a day to make BT downloads easier. Being online around the clock makes it much easier for viruses and trojans to get into the system; they can invade the computer in the middle of the night and do as they please. Recently, while helping a friend clean up a virus, the author ran into a virus that "could not be deleted". The removal experience is shared below.
1. Virus discovered. The friend's computer runs Windows XP Professional and had recently often been left on at night to download movies over BT. Unexpectedly, during one boot, Norton reported that it had found the virus "Exporer.exe". A Norton scan could detect the virus, but Norton reported that the virus file could not be quarantined or deleted.

2. Killing. In general, when a virus file cannot be deleted directly, it is mostly because the virus process is still running. I opened Task Manager, found the virus process "exporer.exe" and terminated it without trouble. Then, using the virus file path provided by Norton, I located the virus file, held down the SHIFT key and chose "Delete". Strangely, the system would not delete the file. I opened Task Manager again and confirmed that the virus process had been terminated, and the file was not write-protected, so why could it not be deleted? I tried to delete the folder instead, but the system refused that as well, with the same result.

Later, the author looked at the properties of "Exporer.exe" (to check the file's creation date and size, in order to search for any accomplices of the virus) and happened to notice that the properties window also had a "Security" tab. In the user permissions list, the Deny box for "Special Permissions" was ticked. Could the file be undeletable because of file permissions? Clicking the "Advanced" button opened a window showing a "Deny Delete" permission entry, and clicking "Edit" finally revealed the real reason the file could not be deleted: the virus had set the current user's Delete permission to Deny while allowing "Read & Execute". After clearing the denied permission, return to the file properties window, check "Allow Full Control" and click OK. Once you exit the dialog, "Exporer.exe" can be deleted.

Tip

The "Security" tab in a file's (or folder's) properties appears only on NTFS-formatted partitions. If you do not see this tab, open My Computer, click Tools → Folder Options → View, and then, under Advanced settings, clear the check mark in front of "Simple File Sharing (recommended)".

After deleting "Exporer.exe", the author tried to delete the folder and was again refused by the system. Looking at the folder's "Security" properties showed that the delete permissions ("Delete Subfolders and Files" and "Delete") had likewise been denied. As before, once this restriction was removed, the virus was "swept out". For a file (or folder), if an operation is denied because of permissions, the fix is generally to set the permissions to Full Control.

Tips

(1) Permissions can be inherited. Sometimes when you open a file's Security tab, you may not see the Deny Delete permission shown in Figure 4, but if the file's parent folder denies "Delete Subfolders and Files", the file still cannot be deleted. The solution is to set the file's permissions to Full Control.

(2) File permissions are tied to the file owner. On office computers with multiple accounts, someone with ulterior motives may tie a Trojan to particular users (accounts whose users have low computer skills and low vigilance make it easy to steal information). If the Trojan is tied to particular accounts, it runs after some users log on but not after others (the Trojan file's permissions are set to deny read and delete). In that case, log on as a system administrator, forcibly change the owner of the Trojan file to the current user, and then set Full Control so the Trojan can be removed.

(3) A little experience. File (folder) permissions in Windows XP/2000 are a special feature of the system that lets you flexibly set different permissions for different users, and some virus writers achieve better "self-protection" by setting the virus program file to allow "Read & Execute" and deny "Delete". Because changing file permissions is fairly complex, the person planting the virus generally has to operate on the host in person. For those who like to stay online around the clock, installing a firewall with good protection capability and closing service ports that are not needed can effectively prevent this kind of virus attack. If you find that a virus cannot be deleted even though its process has been terminated, be sure to check whether the file permissions have been changed.
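
The permission check described in the steps and tips above, as an added PowerShell example that is not part of the original article: it lists Deny entries that block deletion on a file and on its parent folder, and shows whether each entry is inherited and who owns the object. The function name and the path in the usage comment are placeholders, and the script assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: report Deny entries that block deletion of a file, looking at
# the file itself and at its parent folder. Read-only; it changes nothing.
function Get-DenyDeleteAce {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path    # placeholder input: the path your scanner reported
    )

    $item = Get-Item -LiteralPath $Path -Force   # -Force also finds hidden files

    # Rights whose denial blocks deletion: Delete on the object itself and
    # DeleteSubdirectoriesAndFiles on the folder that contains it.
    $deleteRights = [System.Security.AccessControl.FileSystemRights]::Delete -bor
                    [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles

    # Check the object first, then its parent (null for a drive root).
    $targets = @($item.FullName)
    $parent = [System.IO.Path]::GetDirectoryName($item.FullName)
    if ($parent) { $targets += $parent }

    foreach ($target in $targets) {
        $acl = Get-Acl -LiteralPath $target
        foreach ($ace in $acl.Access) {
            $isDeny = $ace.AccessControlType -eq
                      [System.Security.AccessControl.AccessControlType]::Deny
            $blocksDelete = [int]($ace.FileSystemRights -band $deleteRights) -ne 0
            if ($isDeny -and $blocksDelete) {
                [pscustomobject]@{
                    Path        = $target
                    Owner       = $acl.Owner                     # see tip (2)
                    Identity    = $ace.IdentityReference.Value   # who is denied
                    DeniedRight = $ace.FileSystemRights
                    Inherited   = $ace.IsInherited               # see tip (1)
                }
            }
        }
    }
}

# Usage (placeholder path):
#   Get-DenyDeleteAce -Path 'C:\path\to\suspect.exe' | Format-List
```

An entry with Inherited set to True comes from a folder higher up, so it has to be cleared on that folder rather than on the file.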
