Phantom jpg can't delete.

Status
Not open for further replies.
I'm in England and my favourite football (soccer) team are playing away tonight. So I'll be off to listen to commentary on the radio shortly. Doesn't that sound exciting! :wooha:

In the meantime I'll do as you say and post back later.

One thing I'm doing for the future is I've had it with the freeware and I've ordered the latest Norton Internet Security Suite. After all if the bad guys get my bank details, my eBay details, my PayPal details, what's that going to cost me?

Not to mention the time spent having to solve these problems. If it wasn't for the good people like the ones on this board I'd be screwed.
 
Yeah I've ordered Norton. Please, please, please, don't tell me it's crap! :shocked:

I ordered it because I've got System works and I use the defrag and fast clean-up quite frequently to clean up all the rubbish on the system and under normal circumstances this seems to work well.

I am interested in hearing your recommendations though so I can find out more and maybe look to them in the future. Also, as with any board, there are always more browsers than posters and some of them will be interested in your suggestions.

As regards my problem. I downloaded and updated the programs and ran them all. The Ewido scanner found 8 threats and deleted them. Interestingly none of them matched those found with the Panda scan. So I ran the Panda scan again with the same result I posted earlier. I then deleted those files using KillBox.

The ccleaner found a load of junk and cleaned it all.

The CW Shredder found nothing.

Having done all that I ran Ewido again and no files were found. I then ran Panda again and although it found no files it reported 3 instances in the registry. I Googled these and they are all associated with browser hijacks which is not a problem I've ever had. However I checked the registry with regedit and none of the known entries were there anyway. I must admit to being a little skeptical of online scanners that want you to purchase their product.

Having done all this I rebooted and yes, my little friend is still sitting smugly on my desktop. :mad:

I have not, of course, installed sp2 because, as you say, it's no good installing on an infected system. Is it possible that this "jpg file" is just a standalone not caused by any malware but exploiting some weakness that causes an error which while it displays, because it hasn't actually any substance programs don't recognise it?

Remember its file name is 221 characters long. Is that possible under normal circumstances? Has someone found a way of creating a file name that is illegal in the sense of its length thereby causing the os to be unable to handle it and thus ignore it?

If not, then whatever code is supporting it is potentially very dangerous because it's seen off everything thrown at it.
 
I just tried naming a regular jpg with the file name of the "rogue" and it's about 7 characters too long.

Am I right in thinking the length of file names is controlled by a registry entry?

And if this is the case could I not alter this to accommodate the bad file thereby getting the system to recognise it and restore the option to delete it?
 
Ok, so you ran the 3 tools I listed and cleaned what was found.

I noticed in your last HijackThis log that you have avg a/v. If you still have it installed instead of norton, update it and run it. Make sure it gives the all clear.

Go to start, then run and type in msconfig. Go to the startup tab and uncheck everything on there except for your anti virus and firewall (+ any other essentials you have). Don't reboot yet. Then download msconfig cleanup (from here - http://www.softpedia.com/get/System/Launchers-Shutdown-Tools/MSConfig-Cleanup.shtml). Run it and then reboot. Go back to msconfig startup tab and see if anything has checked itself that you unchecked. If not try deleting the file.
 
I use Startup Mechanic to manage my startup programs. So the only programs listed for startup are known to me and are necessary.

I have run AVG with no findings.

I'm still trying to find out about the registry entry for length of file names so that I can at least eliminate that possibility. It seems strange to me that I can't use the same number of characters in a file name that exist in the unwanted file. I would have thought the default number would be around 255 but I can only use 214. A strange amount, and the rogue file has 221.

I think whatever is causing this is very clever or very simple. And I'm beginning to suspect it's the latter (would stroke beard thoughtfully at this point.......except I don't have one!) and it's just exploiting some characteristic of the os creating an error that Windows doesn't know what to do with.
 
"Celebrate good times..... come on!" :D

A poster on the Limewire board came up with a link to a utility called DelinvFile: http://www.purgeie.com/delinv/index.htm

What a brilliant little program. Small download and cleaned it with one click.

Many, many thanks to everyone who took the time and effort to help me with this problem. Especially Jam3s-Zer0 who took the brunt. :classic:
 
Wow that's a great program you linked to. I've just learnt something new and found a new program so thank you.

Glad it turned out ok :D
 