
Virus cannot be deleted

  1. Jul 16, 2010 #1
    My comp recently just caught a virus and I have tried many anti-virus programs to remove it and so far, no luck.

    Avast reported the file that is infected, but is unable to delete it. So I decided to check it myself; it's a file in my systems/drivers, and when I tried to delete it, it says the following: "Cannot delete uwvwibuv: Cannot read from the source file or disk." I have tried using "Unlock" to delete it, doesn't work.

    Note, this virus is also causing all my anti-virus programs not to connect online, so I cannot update them. I have tried using Malwarebytes-antiware, doesn't detect it. I can't use system restore because it's being blocked by group policy after "I caught the virus" (Worked before).
    I had tried running in safe mode, checking task for unknown programs, and I can't delete it.

    Anyone have any ideas or suggestions?
  3. Jul 16, 2010 #2


    Staff: Mentor

    What is the name of the virus?
  4. Jul 16, 2010 #3
  5. Jul 16, 2010 #4
    Try moving the file to desktop and then use Unlock, if that doesn't work, can you like copy and paste the file name, with the extension?
  6. Jul 16, 2010 #5


    Gold Member

    Have you been allowing Avast to automatically update? Their virus definitions and defenses get updated at least once a day, so they're much more current than McAfee or Symantec. If you can't access their site from your machine, get someone to download the most current home version and let it update once, then burn that to a CD and see if you can run it from the CD on your infected machine. If it's on a CD that has been finalized, the virus can't modify the files. Good luck.
  7. Jul 16, 2010 #6
    If using Windows, can you not boot up in "system" mode and get to a DOS prompt before Windows loads? Usually during the boot process, while it's still in DOS mode, it briefly asks you if you want to boot up in DOS or Windows. But it's only for a few seconds and then defaults to Windows. Have to watch for the event and then quickly choose DOS. Or perhaps it is another mechanism on your machine such as pressing the F1 key during a particular point in the boot up. Find out how to do it. Then just use the DOS DEL command on the file. Even if the file has attributes that prevent normal deletion, you can override those attributes and still delete it. However since it's a driver, deleting it will likely prevent some program from running and if it's a system driver it may even impact the normal operation of the system or even prevent the system from working or even booting up.

    Also, in Windows you can do: All Programs/accessories/system tools/system restore. And then choose a date from the displayed calendar, say several days before the infection, to restore your system to a previous state. This restore only restores system files.
    Last edited: Jul 16, 2010
  8. Jul 16, 2010 #7
    I don't think you can boot an OS in true DOS as of XP as far as I have experienced lately. I do know that if you make a DOS boot drive/stick (look up the process online) you can delete the file using this procedure. I bet there is another hidden file that will replicate the file again. Some malware removers can operate from a DOS OS so perhaps you can run one of these. I will have to do some more reading to be sure. Linux boot drives can be used for this as well.
  9. Jul 17, 2010 #8


    Science Advisor
    Gold Member
    2017 Award

    Last edited by a moderator: Apr 25, 2017
  10. Jul 18, 2010 #9
    If you can, install LINUX as your operating system, then you'll be able to delete the virus and go back to windows, or you might like LINUX so much that you turn your back on Bill Gates and his evil empire forever.
  11. Jul 18, 2010 #10
    lol i love linux, but not so much that i turn my back on bill gates:smile:
  12. Jul 19, 2010 #11
    The empire won back my heart with W7. Plus the empire has cooler outfits and theme music than the Rebellion. I just wish Bill would go ahead and put on the black robe. He is already pale and has bad hair. Halfway there.
  13. Mar 28, 2011 #12
    Which antivirus programs did you use? There's a new one in the market which I heard can remove harmful software that other popular software like Kaspersky & ENod can't. Try to check google for some rising antivirus reviews and see if it also works for you.
  14. Mar 28, 2011 #13
    Just for the record, I've found Avast to be an extremely poor AV solution.

    I had a computer given to me for repair which had a virus that disabled one piece of AV and took over Avast. So be wary of what it tells you.
  15. Mar 28, 2011 #14
    A couple other hints:

    You should be able to boot into "Safe Mode" on Windows, often hitting F8 during boot does this, but watch the prompts as they flash past. Then it may be possible to delete files which are otherwise locked. When deleting, go look for Temporary Internet Files and other cached versions of the same thing.

    When your anti-virus software can't connect, it's usually because someone-bad has installed a fake proxy which redirects those connection requests. Look for something like /hosts -- actually I don't remember the windows files that might be the culprits, so some google is in order. And check your Control Panel -> "Internet Options", they might slip the proxy in there as well.
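
Added example, not part of the post above and not any poster's code: a Python check of hosts-file text for entries that override security-vendor domains, which is one way the blocked-update symptom described in this thread shows up. The vendor watchlist and the sample file contents are constructed assumptions; on Windows the file itself is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress
import sys

# Assumed watchlist: domains of vendors named in this thread (edit to suit).
WATCHED = ("avast.com", "malwarebytes.com", "kaspersky.com", "mcafee.com", "symantec.com")

# Constructed sample, not taken from the infected machine in the thread.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   www.avast.com download.avast.com  # constructed entry
0.0.0.0     update.malwarebytes.com
203.0.113.7 kaspersky.com
127.0.0.1   notavast.com
not-an-ip   symantec.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip lines with a malformed address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def find_overrides(text, watched=WATCHED):
    """Return (line_no, hostname, ip, kind) for each watched domain found."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Match the domain itself or a true subdomain, not a lookalike suffix.
        if any(name == d or name.endswith("." + d) for d in watched):
            kind = "blackholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    # Pass a path to a hosts file, or run with no argument to use SAMPLE.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for line_no, name, ip, kind in find_overrides(text):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

Any hit is worth investigating, since a clean hosts file has no reason to mention an antivirus vendor's domain at all.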
  16. Mar 28, 2011 #15
    Don't try to manually remove the virus.

    Start your computer in Safe-mode in the way described above. Follow this http://www.combofix.org/ and download ComboFix. Follow the instructions on their page and it should remove most any virus you would run across.

    Also this is an old thread and his problem has probably been solved a while ago.
    Last edited by a moderator: Apr 25, 2017
  17. Apr 3, 2011 #16



    Just as an FYI if anyone comes across this thread: you should never run Combofix unless told to by someone trained with the program. It is very dangerous. See this: http://www.bleepingcomputer.com/forums/topic273628.html
    Last edited by a moderator: Apr 25, 2017