Cannot delete trojan file

[pain55]

C:/Windows/System32/drivers/swjghtws.sys

That file is a trojan detected by hitman pro, avira and malwarebytes. They could not delete it so i manually tried to delete the file, however an error came up saying : cannot read from the source file or disk.

Please can someone help, its a virus and it just won't get deleted.
Thanks in advance.

 

[richc46]

Hopefully, someone with more expertise in malware removal will come by, but until then here is something to keep you busy. Hope that it works out.

Ultimate Malware Removal Guide -- Purge Your PC of Junk Files! | Maximum PC

 

[pain55]

plz can someone help
plz i dont want to re install windows

 

[richc46]

OK, that is your decision. Read the link that I left you.

 

[pain55]

thank you for help mate
much appreciated

 

[Katokato]

Go to google and type in AVG rescue CD, and download the ISO and burn it, and boot with it, make sure u update it, and then run a scan.

 

[Blackhawk7188]

Have your tried Microsoft Security Essentials? Its free and constantly updated with new virus definitions. I have used it since it cam out and works awesome. Should take it away without a problem.

Hope this helps.

 

[pain55]

Thanks for replies guys,

If i try to re-name the file, or move it, another error comes up saying:

'a device attached to the system is not functioning'

Please can someone help, this seems to be a file error of some kind...

 

[Francis James]

have you tried to quarantine it?

 

[pain55]

have you tried to quarantine it?

Yup i have
the file gets quarantined in avira but when i try to delete it, the same error comes up

 

[Katokato]

Try taking ownership of the file. Add "Take Ownership" to Explorer Right-Click Menu in Win 7 or Vista - How-To Geek

Become system account (equivalent to root in linux). Enable Vista's hidden administrator, and password-protect its XP equivalent | Workers' Edge - CNET News

Have you tried doing this in safe mode? repeatedly press f8 on startup (usually after the post screen).

Try running sfc /scannow to check for file integrity

Use a file shredder/deleter program: File Deleter - Free software downloads and software reviews - CNET Download.com

Go to google and type in AVG rescue CD, and download the ISO and burn it, and boot with it, make sure u update it, and then run a scan.

^^^^^^^^^^^^^^^^^Have you tried that?^^^^^^^^^^^^^^^^^^^^

 

[niemiro]

Hello,

If that guide that Richard send you has not helped, then follow this. There is a high chance that this is not the only file that is in this one virus. Often there is other evil code at work stopping any attempts to remove any other parts. Please download and run the beta HiJackThis generating a log file. Save and upload the log file here and I will take a look at it for you. Remember, if this is a bad virus, then removal could be very complex. If you are not comforatable with this, let me at least have a look at the HiJackThis log and ask someone to help.

HijackThis - Trend Micro USA

Richard

 

[pain55]

Hello,

If that guide that Richard send you has not helped, then follow this. There is a high chance that this is not the only file that is in this one virus. Often there is other evil code at work stopping any attempts to remove any other parts. Please download and run the beta HiJackThis generating a log file. Save and upload the log file here and I will take a look at it for you. Remember, if this is a bad virus, then removal could be very complex. If you are not comforatable with this, let me at least have a look at the HiJackThis log and ask someone to help.

HijackThis - Trend Micro USA

Richard

Ok i will try to
thanks for help guys

 

[wheelsmith]

have you tried using the removal tools in safe mode?

 

[MilesAhead]

C:/Windows/System32/drivers/swjghtws.sys

That file is a trojan detected by hitman pro, avira and malwarebytes. They could not delete it so i manually tried to delete the file, however an error came up saying : cannot read from the source file or disk.

Please can someone help, its a virus and it just won't get deleted.
Thanks in advance.

It seems odd that searching that filename didn't turn up a single additional hit. Just this one. Are you sure you don't have a virtual CD or some other virtual device installed?

 

[hariharan]

Do this.

Type msconfig in the Start Menu search.

Select Diagnoistic startup.

click apply and ok, then reboot.

During reboot go to safe mode by pressing F8 before Vista's Boot logo/Screen.

in safe mode try running that scan and delete the particular file.

Reboot in normal.

Check for the Virus/Trojan by rescanning again in Normal mode.

if system works perfectly then type msconfig in Start Menu Search box

Select Normal instead of Diagnoistic, click apply and ok and reboot.

That's it.

 

[mitchell]

Hallo pain55, just another suggestion i have not tried this but it may work.

I noted in your earlier post you have Malwarebytes installed in the "More Tools" tab is a tool called "File Assassin" you may want to give it a go?

Let us know if it is any good, i am curious

 

[pain55]

C:/Windows/System32/drivers/swjghtws.sys

That file is a trojan detected by hitman pro, avira and malwarebytes. They could not delete it so i manually tried to delete the file, however an error came up saying : cannot read from the source file or disk.

Please can someone help, its a virus and it just won't get deleted.
Thanks in advance.

It seems odd that searching that filename didn't turn up a single additional hit. Just this one. Are you sure you don't have a virtual CD or some other virtual device installed?

Well i searched up the file name and it doesn't seem to exist, also i don't think i have any virtual devices installed. By the way, when i got to the file's properties, there is no details of security etc. One final thing, the date modified time changes with every minute that passes i.e. it is almost as if it is running in the background.

 

[kristain]

Run System Restore in Safe Mode
Run the Windows System File Checker to have Windows check your important system files.
We also recommend running Ccleaner to clear out any unneeded temp file and check your registry for problems. Just be sure to backup the registry when prompted.
When searching for your boot.ini file make sure that you have the show hidden files and folders option checked in My Computer and that you select that option when searching under advanced options.
If nothing seems to work then you may want to try a Windows repair installation which will reinstall Windows and leave your programs and files intact. If you don't get the option to repair when you boot from your Windows CD then that means there is some corruption and you won’t be able to use this option. If possible it’s always a good idea to backup your data first.

 

[pain55]

Great news guys!
I decided to upgrade to windows 7... and that dodgy file has finally gone!
Thanks for all your help people :D