Full Version: Killing Access Denied Trojans. For The Newbs
PH8AL
I use AVG FREE, which I consider to be as good as or superior to a lot of pay protection. Over the last couple of months there have been some trojans showing up that AVG detects but cannot heal or remove because of where they hide and because they block access to the folders as if they were OS folders. If you are less computer savvy this can present a problem, because you will not be able to open Run... in the Start menu and go after them. But all is not lost, and I will teach you how to get them to the virus vault or deleted.

Before I get to the how, I would like to speak about the nature of an Operating System (OS) so you can understand what exactly is going on a bit better. An OS is not like a book, where things in the index will be on a page and you can just turn to it; the best analogy I know is to think of it as a city. Each folder is a building and each file a room. There are many streets and alleys you can take to get to where you need to go. The trick is the streets change now and then, and sometimes the same room can be accessed through several buildings. Hope that didn't confuse you.

Now to the Killing.
Most AVs use a predetermined path, and if that path's access is blocked then the AV is blocked; that is what these new trojans are doing. When your AV runs a scan it will identify a threat and try to heal it or lock it in a vault. If the AV test results show you that X number of threats were found and 0 threats were healed, you need to take a closer look. Open up the test results and scroll down to the threat; the line will tell you what kind of bug it is and the file path to it. Right click on it in the test results and try to manually heal/move/delete it. If that fails, you need to take a different route to the containing folder and manually remove the files.

Keep the test results open, go to the top of the column and slide the column divider over so you can see the complete file path. Then follow these instructions:

Start menu
search
files and folders

Type in the entire file path, such as C:\System Volume Information...., and run the search.
Once the search turns up a result, right click on the item and hit "Open containing folder". The folder that opens will have a name at the top that is part of the line you typed in the search box. Bring up the search window and locate those characters in the info you typed in. Once you see that, the file you are looking for will be named everything after the folder name. Go back over to the folder and find the file. (Example below.)

Left click once on the file to highlight it. Your AV program should open a box telling you the file is infected and giving you some options. If you try the heal/move/delete options you will probably get the access denied box again. Click on the ignore option or the X to close the box. Right click on the file (if the warning box pops up again, hit ignore or X again) and hit delete. A box will pop up that asks if you want to move this item to the trash. Hit yes. This will use a different "doorway" to move the file and most times cannot be denied by any file. When it is in the trash bin the file now has a different file path and cannot block your access to it. Close everything and open the trash/recycling bin.
Find the file in there and right click to highlight it. The AV warning box will open once again. This time hit the "move to virus vault" option. This will get the bug in the vault, and your AV will watch for that same bug before it gets downloaded and block it.

Here is an example of the file path for one I just dug out yesterday.

C:\System Volume Information\_restore{8F7A5040-9305-4BDA-AEE-E7EE68E6A93B}\RP236\A0941728.dll

The folder name is RP236 and the File name is A0941728.dll

The AV will come up with multiple hits for the same trojan because it has more than 1 file. They should all be contained in the same folder with different file names, so when you get into the folder, look for each one and remove it to the trash as explained. The folder should have them in order; 1 will have the extension .dll and the rest should have the extension .exe.

Sorry if some of my terminology is bad; I'm completely self-taught. I learned by doing (lots of crashes).

Happy hunting.
faerie
Excellent tut PH8AL, thank you... and glad it's not written in *techie*.
EVILBRENDA
Excellent! That's the easiest way I know if you have System Restore turned on. Good job!

If you have System Restore turned off, this will work just as well:

Find the .dll location.

Now go to Run and type this, according to where it is:

regsvr32 /u c:\whereitis\itsname.dll

Reboot and delete the .dll.

This function will unregister the DLL and make it so you can delete it.
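Putting both posts' steps into one script, as an added example that is not from the thread: it takes the path copied from the AV test results, prints the containing folder and file name as in PH8AL's post, runs EVILBRENDA's regsvr32 /u when the file is a .dll, and then moves the file to a quarantine folder (the "different doorway"). The C:\Quarantine location and the delete-on-reboot fallback are my assumptions, not something either poster described.

```powershell
param(
    [Parameter(Mandatory)][string]$ScanResultPath,
    [string]$Quarantine = 'C:\Quarantine'   # assumed location, choose your own
)

# PH8AL's step: split the AV result path into containing folder and file name.
$folder = Split-Path -Path $ScanResultPath -Parent
$file   = Split-Path -Path $ScanResultPath -Leaf
Write-Host "Containing folder: $folder"
Write-Host "File name:         $file"

if (-not (Test-Path -LiteralPath $ScanResultPath)) {
    throw "Not found: $ScanResultPath (widen the path column in the AV results and re-copy)"
}

# EVILBRENDA's step: unregister a DLL before trying to remove it.
if ([IO.Path]::GetExtension($file) -ieq '.dll') {
    & regsvr32.exe /u /s $ScanResultPath
    Write-Host "regsvr32 /u exit code: $LASTEXITCODE"
}

New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null

# The "different doorway": move instead of delete, so the file lands under a new
# path. A non-executable suffix stops it being run if something tries to.
$dest = Join-Path $Quarantine ($file + '.quarantined')
try {
    Move-Item -LiteralPath $ScanResultPath -Destination $dest -Force -ErrorAction Stop
    Write-Host "Moved to $dest; let the AV move it to the vault from there."
}
catch {
    # Fallback (assumption, not in the thread): have Windows delete the file on the
    # next boot via Session Manager\PendingFileRenameOperations (a source entry
    # followed by an empty destination entry means delete).
    Write-Warning "Move failed: $($_.Exception.Message). Scheduling delete on reboot."
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $existing = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
                 -ErrorAction SilentlyContinue).PendingFileRenameOperations
    $pending = @()
    if ($existing) { $pending += $existing }
    $pending += "\??\$ScanResultPath", ''
    Set-ItemProperty -Path $key -Name PendingFileRenameOperations `
        -Value ([string[]]$pending) -Type MultiString
    Write-Host "Reboot, then confirm the file is gone."
}
```

Run it from an elevated prompt; by default System Volume Information is accessible only to the SYSTEM account, so the move may still be refused there and the reboot fallback or the AV's own vault is the route. Note that regsvr32 /u calls the DLL's own DllUnregisterServer export, so it runs code from the suspect file; prefer the move or the AV vault when you can.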
Legion
I had trouble with a trojan a short while back; it deleted with an unlocker I got as freeware. It just kills the process, then deletes the little bleeder... although this doesn't work with them all. I had one that kept morphing from one file to another; I went through 4 spyware progs till I found one to completely destroy the little sucker. Thanks for this, I will try that soon no doubt, not that I visit nasty little sitesies much.
