Special experience: encountering an alternative "virus that cannot be deleted"

Source: Internet
Author: User

With the popularization of unlimited bandwidth, many friends love to host up 24 hours a day to facilitate BT download. Around the clock online, it brings great convenience to some viruses and Trojans "intrude" systems. They can intrude into our computers in the middle of the night, and do nothing. Recently, when I helped a friend kill viruses, I encountered a "virus that cannot be deleted". I will share my experience with you.

1. Detect the virus. My friend installed Windows XP Professional Edition on his computer. Recently, BT was often used to download movies during night boot. I didn't expect Norton to report that Detected virus exporer.exe "(1), but after using Norton scan, although the virus can be found, Norton prompts that the virus file cannot be isolated and deleted (2 ).

2. Scan and kill. Follow the path provided by Norton to find the virus file and press Shift to right-click and select "delete ", the strange thing is that the system prompts that the file cannot be deleted (3). Open the task manager again and I am sure that the virus process has been terminated and is not in the write protection status. Why can't I delete it? I tried The folder is deleted, but it is also rejected by the system. Restarting the computer is still the same result.

Later, when you click the upload extension exporer.exe attribute (check the file generation date and size so that you can search for viruses and no Associates), you may find that the attribute window has a "security" tag, after clicking this button, you can see that the deny option of "special permission" in the user permission list is checked (4). Will it be because the File Permission is insufficient and cannot be deleted? ".


The file (folder) Attribute "security" label will only appear in the NTFS format partition. If you cannot see this label, open my computer and click "Tools> Folder Options> View ", in the advanced settings option, remove the small check mark before "simple file sharing (recommended.

The pen tries to delete the file after deleting "exporer.exe ". Folder. After being rejected by the system, you can view the "Security" attribute of the folder. You can also find that the permission to delete (delete subfolders and files) is rejected (7), as shown in the preceding figure, after the restriction is removed, the virus is "swept out ". For files (folders), if the operation is denied due to permission reasons, you can set the permission to "full control.


(1) permissions can be inherited. Sometimes, after a file security attribute label is opened, the "delete denied" permission may not be available in Figure 4, however, if its parent folder is set to "reject the deletion of subfolders and files", the file still cannot be deleted. The solution is to set the File Permission to full control.

(2) The File Permission is associated with the file owner. For office computers with multiple accounts, some people with ulterior motives may also map Trojans with users (for accounts with low computer operation levels and with low vigilance and easy to steal data). If Trojan viruses are detected, they may be associated with the corresponding accounts, that is, some users will run after logging on, while others will not (the trojan file permission is set to prohibit reading and deletion). At this time, you can log on as a system administrator, forcibly change the trojan file owner to the current user and set it to full control to delete the Trojan.

(3) A little experience. The file (folder) Permission of Windows XP/2000 is a special function of the system. It allows you to flexibly set different permissions for different users, some wrapper set the virus program file to allow "read and run" and reject "delete" to achieve better "self-protection ". Because File Permission modification operations are complex, hackers generally need to manually operate on the host machine. For friends who love to hook up around the clock, install a firewall with better protection capabilities and disable unnecessary ports, this can effectively prevent such virus attacks. If the virus cannot be deleted, you must check whether the File Permission has been changed when the process is terminated.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.