
NOD32 - File cannot be opened (File locked) [4]

Post by kd1966 » Mon Sep 26, 2005 2:44 pm

I have gotten rid of it on a system about 2 months ago; I unfortunately did not document the entire procedure. Much of the procedure was in SafeMode, involved online Trendmicro and Panda scans, as well as some registry searching. I may also have used a program called BlackLight, which I use periodically to check for rootkits... not to mention the "usual programs" to combat spyware/adware [Spybot, AdawareSE, & Ewido]

If I remember correctly, one of the scans notified me that it was unable to delete a particular file because it was part of another file [Conveniently located in the \sys32 subdir], but also asked if I wanted to delete the entire archive... so I answered yes - I caught at least 3 archives this way on that system, but like I said, nail.exe was only ONE of them, and I didn't document the entire procedure, so I have no way of knowing which procedure killed which "badguy"
PRO PLATINUM
Posts: 6831
Joined: Tue Aug 09, 2005 2:00 am
Location: USA - GSO - NC

Post by NT50 » Mon Sep 26, 2005 2:57 pm

I had to go into safe mode. Delete the nail.exe file about five to six times to keep it deleted (If you use search to find nail.exe, you can delete it as soon as it pops up and the search will keep finding it, do this till it stops.) Created a blank text file named Nail.txt, rename it to nail.exe and change the attrib to read only. Restart the system and it will give you an error for the winlogon shell. Regedit and get rid of the nail.exe in the winlogon shell, reboot. Now do a search for all the registry keys and files on the site you pointed out, run a spysweeper in safe mode at least 3 times in a row and run NOD32 in safe mode. Be sure to turn off system restore. Use HijackThis to delete some entries also.
Now that I know how to do this it went from an 8 hour problem/fix to less than 30 problem/fix on the second machine.
Dogs Have Owners; Cats Have Staff
PROfessional Member
Posts: 8220
Joined: Sat Jun 19, 2004 4:46 pm
Location: Jackson, TN USA
Real Name: Jeff Replogle
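
The post above removes nail.exe from the Winlogon shell entry by hand in Regedit. As an added example (not part of any poster's message), this PowerShell check reports whether the Winlogon `Shell` value under HKLM and HKCU still matches the stock default; it assumes a standard install where that default is `explorer.exe` and no custom shell is in use, and `Test-ShellValue` is a helper name made up for this example.

```powershell
# Added example: flag Winlogon "Shell" values that differ from the stock default.
# Run from an elevated prompt after cleanup (and again after the next reboot).
$SubKey  = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Default = 'explorer.exe'   # assumption: stock Windows, no custom shell configured

function Test-ShellValue {
    param([AllowNull()][string]$Value, [bool]$MayBeAbsent)
    if ([string]::IsNullOrWhiteSpace($Value)) {
        # A missing value is normal under HKCU but not under HKLM.
        return $MayBeAbsent
    }
    # Exact match only. A prefix or substring test would accept a value that
    # still starts with explorer.exe but has another program appended to it.
    # A full path to explorer.exe is also reported, so a person reviews it.
    return $Value.Trim().Trim('"') -ieq $Default
}

$findings = foreach ($hive in 'HKLM', 'HKCU') {
    $path  = "${hive}:\$SubKey"
    $value = (Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue).Shell
    [pscustomobject]@{
        Key   = $path
        Shell = $value
        OK    = Test-ShellValue -Value $value -MayBeAbsent ($hive -eq 'HKCU')
    }
}
$findings | Format-Table -AutoSize -Wrap

# Constructed sample values (not copied from an infected machine) showing
# which forms the check accepts and which it reports.
'explorer.exe', 'Explorer.exe', 'explorer.exe nail.exe', 'explorer.exe,nail.exe' |
    ForEach-Object {
        '{0,-24} OK={1}' -f $_, (Test-ShellValue -Value $_ -MayBeAbsent $false)
    }
```

Any row with `OK` set to False needs a manual look in Regedit before the machine is considered clean.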

Post by kd1966 » Mon Sep 26, 2005 3:26 pm

Good to hear! I have also used the explorer search function to locate the bad files as well. I had not actually created a txt file and renamed; I'm guessing you would have to have the original culprit file deleted by then? HJT is also a good "killer" - I think this may have been one of the programs that found the original archive files for some trojans and deleted the entire archive.

My "Step 1" always involves turning off System Restore... before I do anything else

Post by NT50 » Mon Sep 26, 2005 3:41 pm

I used HJT to eliminate the initial culprit but it kept responding time after time.

Post by ma3574 » Fri Sep 30, 2005 9:41 pm

I just hate viruses so much.
>>Mo<<
PRO Level 7
Posts: 296
Joined: Sun Jun 05, 2005 5:14 pm
Location: england
