
There's a file that is 0 bytes but I can't erase it! help please!

This is slightly embarrassing... I decided to try to download a Paris Hilton vid clip using LimeWire. An MPG file got downloaded onto my computer and when I go to the folder, I see the file but I cannot delete it. It is 0 bytes and when I right-click, the normal list of options (copy, paste, properties, etc.) are not there.

Any help? thank you! 🙂
 
Try this:

1) download HijackThis from here

2) extract the HijackThis.exe from the Zip file

3) run it and click the Open the Misc Tools section button

4) use the "Delete a file on reboot" button and see if that works

5) couldn't hurt to run the Scan And Save Logfile either, and post the output here for a look-over.
 
Thanks for your quick reply. I tried the "delete file on reboot" and selected the file, but then HijackThis said "not a valid filename".

Below is the scan log. 2 lines look suspicious to me because they're in a folder called "MyWaySA"...
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

LOG:
Logfile of HijackThis v1.99.1
Scan saved at 6:56:48 PM, on 3/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Strokeit\strokeit.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CPal\CPal.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\mshta.exe
C:\Documents and Settings\*\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - Startup: Cookie Pal.lnk = C:\Program Files\CPal\CPal.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
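
An added example (not part of the thread and not HijackThis's own code): a small Python parser for the log format posted above that lists the entries worth a first look and groups hooks by the file they load. The function names and the two flag rules are assumptions chosen for illustration; a flag is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis v1.99.1 log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Section code (R0-R3 = IE pages/search hooks, O2 = BHO, O4 = autorun, O23 = service, ...)
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)

def parse_entries(log_text):
    """Return one dict per 'R#/O# - ...' entry; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        path = PATH_RE.search(body)
        reasons = []
        if "(no name)" in body:  # assumed rule: component registered without a display name
            reasons.append("no display name")
        if code == "O23" and "Unknown owner" in body:  # assumed rule: no owner string
            reasons.append("service without owner string")
        entries.append({"code": code, "body": body,
                        "path": path.group(0).lower() if path else None,
                        "reasons": reasons})
    return entries

def review_candidates(entries):
    """Entries a human should look at first."""
    return [e for e in entries if e["reasons"]]

def hooks_by_file(entries):
    """Map each referenced file to every section code that loads it."""
    files = defaultdict(set)
    for e in entries:
        if e["path"]:
            files[e["path"]].add(e["code"])
    return dict(files)

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in review_candidates(parsed):
        print(e["code"], e["reasons"], e["path"])
    for path, codes in hooks_by_file(parsed).items():
        if len(codes) > 1:
            print("loaded through several hooks:", path, sorted(codes))
```

Grouping by file shows every place a single DLL is registered, so a removal can be checked against all of its hooks in a follow-up scan.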

 
Yeah, I would use HJT to keel all the MyWaySearchAssailant stuff and what's that C:\Program Files\CPal thing, legit or ??? Dump your output into http://hijackthis.de and check the stuff in yellow and red, some of it's probably your own stuff.

Before you keel stuff 😀 you should grab WinSockFix and also the Microsoft AntiSpyware beta software from MS's site.
 
The CPal is Cookie Pal, it's a cookie blocker program. It's legit. I realized the MyWay stuff is probably built-in Dell crap. Thanks MechBgon for the link to analyse the output file. Nothing seems to be an obvious culprit. Hmm, I'll try safe mode next...
 
MyWaySearchAssistant, I don't think it would be Dell's stuff. Or else they're more evil than I realized :Q

Let me suggest again that you get WinSockFix so you can repair your Internet connection if it is messed up when you pry MWSA off of your computer. And get the Microsoft Antispyware software and run an exhaustive scan. You can let it run overnight if it's got a lot of data to go through.
 
Originally posted by: mechBgon
MyWaySearchAssistant, I don't think it would be Dell's stuff. Or else they're more evil than I realized :Q
Actually, there was a big thread about that over on DSLR about MyWaySA and Dell and Dell now bundling "spyware" or not. There was a question of whether Dell was actually bundling the software pre-installed, or the fact that IE comes pre-configured to go to their web page as a homepage or search page, and then it surreptitiously installs from there.

But there is definitely a connection, and a high probability that Dell was somehow involved in how it got onto the machine. Yes, Dell is "slipping" a bit, at least on their consumer systems. (Apparently the systems ordered from their business divisions don't have that sort of stuff pre-installed, thankfully.)
 
Originally posted by: VirtualLarry
Originally posted by: mechBgon
MyWaySearchAssistant, I don't think it would be Dell's stuff. Or else they're more evil than I realized :Q
Actually, there was a big thread about that over on DSLR about MyWaySA and Dell and Dell now bundling "spyware" or not. There was a question of whether Dell was actually bundling the software pre-installed, or the fact that IE comes pre-configured to go to their web page as a homepage or search page, and then it surreptitiously installs from there.

But there is definitely a connection, and a high probability that Dell was somehow involved in how it got onto the machine. Yes, Dell is "slipping" a bit, at least on their consumer systems. (Apparently the systems ordered from their business divisions don't have that sort of stuff pre-installed, thankfully.)
:Q

It scares me to think of older home PCs out there, probably still running useless Norton Antivirus 2002 with definitions that expired years ago. "Honey, let's get the high-speed Internet! See, it's only $30 more per month since we have cable TV..." and in come the worms, the spyware, the 10 things per day the kids can download on the new wonder-pipe... oh, and what's this about "firewalls?" No no, we keep the computer well away from combustible stuff.

Welcome to my botnet, says some guy on a different continent. Enjoy your stay.

 
Here's the status of what I've tried so far:
I found the My Way SA in the "Add or Remove Programs" list and removed it. The processes are gone from the HijackThis log too.
Then I ran the MS Anti-Spyware Beta program, and it did not detect anything. I have NOT run the Winsockfix.exe yet. Should I try that?
I also tried deleting the file while in safe mode, but to no avail. It is like the file name is listed but the computer does not recognize it as an existing file. The right-click menu shows Play, Send To, etc. I tried sending it to another folder but that does not work either.

From the logfile analyzer, there is one more suspicious looking line. Does this look suspicious to you?
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

Any more suggestions? Thanks everyone for your help 🙂
 
If your system has a Drive-Letter Access packet-writing software for your CD burner, then the Drive Letter Access thing would make sense. DirectCD or ???
 
Originally posted by: rleemhui
try DOS!!!

I am running Windows XP on a new Dell Dimension. How do I get into DOS? I know if you hold down F8 when booting up, I can boot into a command prompt, but is that the same?
 
Originally posted by: VirtualLarry
Originally posted by: mechBgon
MyWaySearchAssistant, I don't think it would be Dell's stuff. Or else they're more evil than I realized :Q
Actually, there was a big thread about that over on DSLR about MyWaySA and Dell and Dell now bundling "spyware" or not. There was a question of whether Dell was actually bundling the software pre-installed, or the fact that IE comes pre-configured to go to their web page as a homepage or search page, and then it surreptitiously installs from there.

But there is definitely a connection, and a high probability that Dell was somehow involved in how it got onto the machine. Yes, Dell is "slipping" a bit, at least on their consumer systems. (Apparently the systems ordered from their business divisions don't have that sort of stuff pre-installed, thankfully.)

why not compaq was putting backweb lite into their bundled systems:disgust:

 
Originally posted by: daniel49
why not compaq was putting backweb lite into their bundled systems:disgust:
Speaking of Backweb.. OMG, don't get me started...

WD's downloadable, bootable, "Data Lifeguard" floppy - includes "Backweb" spyware in it. A d*** diagnostic disk, mind you. One that is normally used, when you may be having critical hardware-level HD problems, and writing to the drive, should be specifically prohibited, until you obtain a diagnosis of whether or not it's a drive/hardware problem or not. And yet - version 2.6 (IIRC), will write the Backweb spyware "hooks" onto your system, before you even get to the diagnostics menu!!!. Truly, truly evil stuff.

DLGDIAG 2.8 isn't much better, after viewing the EULA, you have to be careful not to hit an additional key, because the software doesn't flush the keyboard buffer, and if you hit any other key besides "N", the Backweb stuff is installed automatically on you. It's all too easy if you run through the prompts too quickly, or aren't careful.

Even more fun, is that with Win9x systems, or I guess anything running a FAT filesystem, even booting the DOS-mode bootable diag disk will "infect", because it writes some bootloader files and a batch file into the user's "Startup" folder, that will automatically get executed the next time that they start Win9x.

I think DLGDIAG 5.03 is "clean", haven't seen any evidence of it installing anything on me, and I don't think it prompts anymore either. (Plus, it will "see" WD drives on a Promise TX2 PCI IDE controller card too.)

Do I dare mention HP and Lexmark's phone-home printer drivers??? Who the heck comes up with this stuff. Next thing you know, my television will be taking full-color photographs of my facial expressions watching tv (well, I don't, but speaking hypothetically here), and send those pictures via WiFi to my fridge, which sends it via Bluetooth to my printer, which sends it via USB to the PC, and surreptitiously phones home with the pictures, and I mysteriously end up on the printer mfg's new marketing campaign, shown in a small obliquely-angled "sample" printout hidden in the ad...

I think all corporations should be required, by law, to all change their name to "Big Brother". So we can buy Big Brother brand TV's at BigBrother-Mart, buy our groceries at Super-BigBrother-Shop, and eat at McBigBrother's. Who said "family values" were a thing of the past? The Repubs will usher in a "new era of (Big)Brotherhood!" Remember kids, super multi-national all-seeing, all-knowing, all-powerful corporations are good for you!
 
Come on, people...the OP's problem is getting buried in this spyware to and fro.

Juan, yes, the command prompt is fine. XP doesn't have "Dos". And if your drive is formatted in NTFS via FAT32, a Dos bootdisk wouldn't work, either, because Dos can't see NTFS.

Try this little utility called "Killbox". People have had good success with it. Follow the instructions on the page I'm linking to!

Killbox info and download page
 
I tried to use Killbox...I could select the file, but when I pressed OK, it would not take it.
I finally had the sense to transfer all the files out of that folder (except THAT one), and then I deleted the folder. And....it worked! I don't know why I didn't think of that much sooner.

Thank you everyone for your assistance on this matter. Anandtech is so great because people will respond w/ help in just a few minutes, sometimes even seconds, of posting!
 