I have a fresh WinXP install, with Comodo and Avast. Everything is fully updated. All install media were verified for viruses prior to the installation.
The other HD holds my previous Windows install, and nothing there has ever been executed or booted since the new install.
As I browsed thru the older install, in order to delete files to minimize a full backup, I ran thru some big .EXE files, all of them install kits of several packages (Nero, Logitech, etc).
The problem is, during several deletions, I got a message saying that either the filesystem was READ-ONLY or the file was IN USE, and therefore the latter couldn’t be deleted.
When the file was relatively small, a second or third try would succeed. But a BIG file (100MB+) couldn’t be deleted. I even rebooted and stopped Avast on-access scanner to no avail. But after I changed the file’s extension to .TXT the HD lit up for about 4 secs and then I was able to delete the file.
Based on this I have some candidates for a culprit:
– Comodo;
– Avast VRDB (Virus Recovery database) generator;
– System Restore (active for that drive);
– Unperceived virus activity;
– A CMOS virus.
Which of those could it be? Experts’ opinions are very welcome.
Could be any of those, true. I’ve seen this sort of thing on systems known to be clean, though. Windows itself and/or the registry is/was keeping the file in an ‘in-use’ or locked state, so it could not be deleted.
A lot of times cleaning out the registry of rogue/orphaned/unused entries, rebooting, and trying again has frequently done the trick.
Other times I’ve used an unlocker application. Even if it can’t unlock the file, it can generally be set to delete on next boot.
Hope that helps,
LM
Well, I do not know if this will work in XP…cough…but it works in win 2k pro,
I use 2 little programs, one that is old, and one not so old.
These programs are referred to as “system wipers”.
Actualy, the old one is named “Systemwiper.exe” and the other I picked up from
a freebie site, called “CCleaner”.
Now the programs are not important as what they do. They simply go thru such common things as temp files, internet cookie cr*p and the like.
What tends to show up, is what CANNOT be deleted. This would be any temp file that is currently in use. If you have a simple wiper that performs this task, use it. See if a file shows up that cannot be deleted.
If this is the case, it gives you something to start with. You may be able to google the name of the temp file and gain some info as to what it belongs to.
With that in hand, the next thing I would do is look thru the registry to see if you can find this culprit.
Again, I use an oldie but goodie for this called RegCleaner.exe. This is a pretty powerful utility that will show you a whole host of info.
I tend to use older programs because the new stuff does not know how to handle them, and thus is more likely to show up.
With the proper entries either deleted or renamed in the registry, (YES, BACK UP YOUR REGISTRY), and with the un-deletable files marked for deletion on reboot, reboot your system and see if this does the trick. This is my recipe anyway, it has worked for me when an unknown item is running, and does not make itself apparent.
Remember, messing with your system registry can be dangerous. ALWAYS back it up before making any changes. If it goes ■■■■■ on you, you should be able to boot to safe mode and restore the backup.
Sorry if this is a bit long winded, I am no expert by any stretch. I just know what works for me. 