Re: Virus detected in deleted user account
- From: "Shenan Stanley" <newshelper@xxxxxxxxx>
- Date: Fri, 3 Feb 2006 01:27:05 -0600
corred wrote:
Recently I tried MS Live Beta for Security and it detected a java
script, actually several of them in a deleted user account. Is this
possible and if so how can I access and delete the files?
1) Reboot.
2) Log in as a user with administrative level rights.
3) Turn off System Restore (Links on this later - review them now if
needed.)
4) Make sure you can see all hidden and system files (Instructions for this
later - review them now if needed.)
5) Go to C:\Documents and Settings and "Take Ownership" of the account
folder/files (Links on this later - review them now if needed.)
6) After taking Ownership of all the files (which may pop up warnings while
you do this), highglight the offending directory and press "SHIFT+DELETE"
and answer in the most affirmative way to all questions.
7) Reboot.
8) Log in as a user with administrative level rights.
9) Turn on System Restore (Links on this later - review them now if needed.)
10) Rescan.
(3) and (9) talk about Turning Off/On System Restore
---------------
Turn off System Restore.
http://support.microsoft.com/kb/310405
(4) points out that the account in question must be able to see all system
and hidden files in explorer.
---------------
- Open "My Computer".
- From the menu at the top, select "Tools" --> "Folder Options".
- Make sure these items are CHECKED under the "View" tab:
- Display the contents of System Folders
- Show Hidden Files and Folders (actually a radio button selection)
- Make sure this item is UNCHECKED under the "View" tab:
- Hide Protected Operating System Files
- OK your way out.
(5) Talks about taking ownership.
---------------
How to Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/kb/308421
How to disable simplified sharing & set permissions
on a shared folder in Windows XP
http://support.microsoft.com/kb/30787
If everything is 'normal' with your system - that should get rid of the
files. You may also want to download/install/user an application called
CCleaner before you rescan (like 8.5):
Ccleaner (Free!)
http://www.ccleaner.com/
Good luck - let us know how it goes!
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
.
- References:
- Virus detected in deleted user account
- From: corred
- Virus detected in deleted user account
- Prev by Date: Re: Virus detected in deleted user account
- Next by Date: Re: Downloading updates in advance
- Previous by thread: Re: Virus detected in deleted user account
- Next by thread: Re: Virus detected in deleted user account
- Index(es):
Loading
