Cleaning Essentials reports 'failed' on certain items

skahan · September 17, 2012, 10:46pm

I ran a full scan and most of the items were taken care of but some say ‘failed’. Is there anything else I can do? I’ve attached the image of what items failed to be cleaned.

All of the items are located at c:\windows$NTUninstallKB5332$\276063608

Any assistance greatly appreciated.

(I can see the path to the $NTUninstallKB… at a DOS prompt but can’t see the 276063608 subdirectory at all.)

miloszcz · September 17, 2012, 10:50pm

That looks like ZeroAccess Rootkit infection

skahan · September 17, 2012, 11:03pm

i tried Norton’s Zero access cleaning tool but it reported no infections found. I’ll see what others suggest and try things. Thanks!

languy99 · September 17, 2012, 11:17pm

try kaspersky’s TDSS killer

skahan · September 17, 2012, 11:25pm

Nope. I think I have to figure out what type of infection it is. Anyone know for sure?

skahan · September 17, 2012, 11:40pm

To clarify, I tried the TDSSKiller and it did not work. That’s what I meant by “NOPE”. I do appreciate the idea.

languy99 · September 17, 2012, 11:41pm

try this, download kaspersky rescue disk boot from it and do a full scan. http://support.kaspersky.com/faq/?qid=208282173

gvvsss · September 18, 2012, 2:52am

download and install “Free commander” from ths site
http://www.freecommander.com/
or
direct link
http://www.freecommander.com/fc_setup_.zip

Browse to the specific folder you mentioned and try to copy or zip those files. If you could do that please send the samples to me at gvvsss@gmail.com.

If you could actually browse that path, after making a backup, try to delete them, see if they can be deleted or not.

skahan · September 19, 2012, 10:57am

I tried free commander and although I can see the path I can’t do much with it (access denied). I am in the process of trying Kapersky Rescue Disk. I’m wondering if booting from a Comodo usb or disk might be able to eradicate the problem (I’ve been only doing it from a Win 7 install.

I’ll let you know how Kapersky Rescue Disk goes…

Thanks again to all for the suggestions.

gvvsss · September 19, 2012, 2:09pm

It means that the user does not have enough rights to operate on the folder. You can change this in the Security Tab, in Properties section of the folder. Give “everyone” or “users” full permissions, including subfolders of this folder. That may solve your problem.
This particularly happens in case of KIDO infection, where the folder permissions are changed by the malware.

Best of luck with this, I have seen it work better in most cases.