I have a virus that doesn't let me enter the word virus, trojan, antivirus, etc into web browsers. It just shuts down if it detects anything of the sort in a text box. I don't have a virus scanner, but I downloaded Security Task Manager and found a .dll file that is running. According to STM, the file contains all the words that cause the browser to shut down, so I'm convinced that this is (part of, at least) the problem.
STM told me the location of the file, but since it's a demo, it won't delete it for me. So I'm trying to delete it myself. I can't find it using Windows Explorer, even when I tell it to show hidden files. I went into the command prompt and went into the directory. It does not show the file when it lists, but it lets me edit it. It also shows up when I do dir /A:H. However, it does not let me delete it. It keeps saying it cannot find the file.
What do you suggest??
-
Have you tried booting into safe-mode, and deleting it that way?
(Note my preferred solution for viruses is always to reinstall the OS, but we might as well try other things first) -
Yes, trying to boot into Safe Mode results in a blue screen :x
Reinstalling the OS is my last resort. I'll do it if there's no other way to get rid of this. -
Try AVG Free: http://free.grisoft.com/doc/2/
It might not allow you to install the program (it being the virus), but it's worth a try. If you manage an install, you should be able to whack it. -
Bitdefender and Kaspersky also both have free versions without the background scanning, and Eset also offers a trial for Nod32.
-
brianstretch Notebook Virtuoso
ClamWin might work too. It doesn't do background scanning (last I checked) and it's unlikely that the worm would recognize it.
-
http://www.spywareinfo.com/~merijn/programs.php
This can help with removing tough virus infections. -
I work at an IT HelpDesk and have quite a bit of experience removing malware from Windows machines, and what I've found to be the most effective way to get rid of a virus is to use a bootable LiveCD of some sort so you can access the hard drive without starting the OS on the hard drive itself.
You can either build a BartPE disk, though you will need a Windows installation disk (not Vista) to be able to build one: http://www.nu2.nu/pebuilder/
Or alternatively, you could boot into a Linux LiveCD with NTFS read/write. I'm not sure which LiveCDs have NTFS read/write by default, but the Ubuntu LiveCD might; if it doesn't, and you have internet access, you can download the ntfs-3g package to add NTFS read/write (instead of just read). You can get the Ubuntu LiveCD here: http://www.ubuntu.com/
Anyway, try reading up on those a little; if you need me to go into more detail about any of that, feel free to ask.
Oh, and by the way, if you're not certain if the file is a bad one or not, rename it instead of deleting it; that way you can always restore it if necessary (rename it to something like original_filename.dll.suspect) -
Oh, and, what Windows version are you running?
-
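The rename-instead-of-delete advice above, as it could be done from a Linux live session with the Windows partition mounted through ntfs-3g. This is an added example, not code posted by anyone in the thread; the device name, mount point, file path and function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: quarantine a suspect file by renaming it, from a live CD.
# Assumed (not from the thread): the Windows partition is /dev/sda1 and has
# been mounted read/write at /mnt/win, for instance with:
#   sudo mkdir -p /mnt/win && sudo mount -t ntfs-3g /dev/sda1 /mnt/win
# Placeholder usage:
#   quarantine_file /mnt/win/PATH/TO/suspect.dll /mnt/win/quarantine.log

# quarantine_file PATH [LOGFILE]
# Logs a UTC timestamp, the SHA-256 and the original path, then renames
# PATH to PATH.suspect so the file can no longer be loaded under its name.
# Returns 1 if PATH is missing, 2 if PATH.suspect already exists,
# 3 if hashing or renaming fails.
quarantine_file() {
    local src="$1"
    local log="${2:-./quarantine.log}"
    local dst="${src}.suspect"
    local digest

    if [ ! -f "$src" ]; then
        echo "not found: $src" >&2
        return 1
    fi
    if [ -e "$dst" ]; then
        echo "refusing to overwrite: $dst" >&2
        return 2
    fi
    digest=$(sha256sum -- "$src" | cut -d' ' -f1) || return 3
    mv -- "$src" "$dst" || return 3
    printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$digest" "$src" >> "$log"
}

# restore_file PATH
# Undoes quarantine_file if the file turns out to be legitimate.
# Returns 1 if PATH.suspect is missing, 2 if PATH already exists again.
restore_file() {
    local src="$1"
    local dst="${src}.suspect"
    [ -f "$dst" ] || return 1
    [ ! -e "$src" ] || return 2
    mv -- "$dst" "$src"
}
```

The logged SHA-256 can be looked up later or compared against a scanner's report without touching the file again.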
A Live CD is a great idea. Almost all of them come with virus scanners. Pick one that can write to NTFS, and use it to delete the virus after finding it.
However, report back first to let us know if any of the AV programs suggested so far did the trick. -
Thanks for the replies.
The problem seems to be gone. I don't know why it wouldn't let me delete it, but AVG found it instantly and got rid of it.
Blue screen in Safe Mode problem still remains. I'll figure that out later. -
Luckily, AVG caught it. Thank you
-
Awesome.
-
Can't delete possible virus.. help
Discussion in 'Security and Anti-Virus Software' started by amitface, Jul 27, 2007.