Desperately need to delete a file

10 Posts
Joined 2004-07-13
There's a DLL in my \windows\system32 directory (XP) called msephh.dll, and it contains the Backdoor-CFB virus. Very annoying. McAfee prompts me to delete or quarantine the file, but I get an Access Denied. I went to DOS to try to delete it, but I still get an access denied. I can't delete it in Explorer either. The weirdest thing: I reboot and load Safe mode. The DLL isn't there in Safe Mode!!! Someone on here mentioned Shift-Delete, but that doesn't work either. I even tried a System Restore (turning it off) option that I found at microsoft.com, but I still couldn't do it. How can I FORCE this file to be deleted?


Responses to this topic


1457 Posts
Joined 2001-12-18
First, bring up a Dos Prompt within windows.
Then, hit CTRL-SHIFT-ESC to bring up your task manager.
Find Explorer.exe, click on it to highlight it. Then, click the End Process button. Your windows desktop may act strangely and some icons may disappear. Pay no attention to that.
Click back into the Dos window and type cd \windows\system32 or whatever directory you are looking for. Use the command dir msephh.dll to be sure that the file is there, then del msephh.dll
Type exit to leave the Dos window. Click on the Start button, then Run, then type explorer.exe, or you can just reboot.

10 Posts
Joined 2004-07-13
OP
Thanks, but I did EXACTLY that, and I still get "Access denied" in DOS. (I'm very computer literate by the way.) Any other ideas?

1457 Posts
Joined 2001-12-18
I am not exactly certain you followed the instructions as printed since by disabling explorer.exe, in general, the protection is taken off of the files. In any case, there is apparently a process still holding onto this file that needs to be stopped prior to stopping explorer.exe in the task manager.
Sysinternals has two programs that will allow you to see what process is using what .dll. The graphic program is found here: http://www.sysinternals.com/ntw2k/freeware/procexp.shtml and the "generic" version is here: http://www.sysinternals.com/ntw2k/freeware/handle.shtml
Using either of these tools should indicate what process is connected to the .dll. You can then unregister it or end it through the task manager. Then, try the trick of disabling explorer.exe and going through the Dos prompt to delete it.
A second approach would be to run regedit and do a find on this dll. If found or several instances are found, delete those values.
Reboot. This may release its being used and you can then delete it.

35 Posts
Joined 2003-02-08
Try this..
 
 
From a command prompt type:
regsvr32 /u msephh.dll
 
Next, try to delete the file. If you still can't, then go into your registry and try to find any entries for this file and see what it is associated with. If you can, remove the entry(ies).
Reboot and try to delete again.
 
 

694 Posts
Joined 2002-06-10
yet another way
 
right click/properties/security
remove all security rights (including system)
reboot
delete file
 
if the system doesn't have access then it can't load

10 Posts
Joined 2004-07-13
OP
Hey jerry atrik (yeah, I get the name), you said click/properties/security. Where is this?

694 Posts
Joined 2002-06-10
find the file u want to delete and right click on it
then properties, then the security tab on top.
it shows a list of people and things with permissions
remove them all.
 
ps if a box pops up saying that inherited permissions rule
then hit that advanced button and uncheck the inherited permissions.

694 Posts
Joined 2002-06-10
thnx for the kudos
since i daily fix web hijackings around here, there is always that one file that loads even during a safemode boot
 
the only way i figured out how to remove it easily is to deny the system permission to load.

1915 Posts
Joined 2000-03-30
Originally posted by jerry atrik:

Quote: yet another way
right click/properties/security
remove all security rights (including system)
reboot
delete file
 
if the system doesn't have access then it can't load
 
Good call, you beat me to the punch.
 

1915 Posts
Joined 2000-03-30
Alec, we used to have these Windows 2000 workstations on which we had to install an older MS version of Maps.
 
This old version would overwrite a .dll file and would error every boot.
 
I couldn't delete it even in safe mode and finally denied access to system. Then in safe mode I could delete it.
 
Silly MS

2172 Posts
Joined 2002-08-26
@Stake security (http://www.atstake.com) has a WFPdisable tool that (temporarily) disables Windows File Protection, for when you need to replace protected files.

10 Posts
Joined 2004-07-13
OP
Jerry atrik,
 
When I right click on the file and choose Properties, all I have is the general tab. The file is read only, but when I turn it off and apply, I get "An error occurred while applying attributes." Then I have the IGNORE, IGNORE ALL, RETRY, CANCEL options. I'm screwed either way.

10 Posts
Joined 2004-07-13
OP
Sampson, tried sysinternals, but the msephh.dll doesn't even show up in the list! McAfee keeps warning me about it constantly though.

10 Posts
Joined 2004-07-13
OP
PTS, tried the regsvr32, but got "Load library failed, access is denied." Will it ever end?

694 Posts
Joined 2002-06-10
geez at this time i would be cramming my sp2 cd in the drive

1457 Posts
Joined 2001-12-18
You have become the real guinea pig for this issue. So, if we can't get it to release, the explorer trick doesn't work, here is a program that might help: http://www.softwarepatch.com/software/moveonboot.html
It is called moveonboot. It is free. It really wasn't designed for this but essentially, you run the program, issue what you want to do to a file (move, rename, delete) then when you reboot and before Windows kicks in, it intervenes and does what you asked it to do to the file.

10 Posts
Joined 2004-07-13
OP
Sampson,
 
Thought I had it but the DLL keeps coming back. It appears to be gone, but then I get the Antivirus popup and it's back again.
 
Alec,
 
Sorry, I want to try your option, but I don't have the installation CD.

35 Posts
Joined 2003-02-08
Actually, in trying to help I simply did a search in google for the problem he is having. What you see is what I saw. I made no claims that this would work, but he was welcome to try it. Nothing else had worked so far, so..... Anyway! Go lecture google.

22 Posts
Joined 2004-07-15
rename the file. then delete it.
 

1457 Posts
Joined 2001-12-18
Ok. When you are able to delete it using moveonboot, check to see what the creation date is. It looks to me that you are now able to actually delete this dll, but some other process is creating it when windows eventually comes up. I saw this in trying to eliminate eAcceleration's software once. You could uninstall the software, but it embedded itself in the registry, invented a popup stopper attached to IE (a BHO) and kept creating a dll that ran in the background. This may not have been created by the eAcceleration software on your machine, but it could be using some of the same tricks. In the meantime, go to PestPatrol http://www.pestpatrol.com/ and try to scan your machine. Since McAfee is seeing something in association with this dll and alerting you, it means their definitions know of this thing. I know that some of these companies are not the most helpful, but it won't hurt to email them with your quandary about what this dll is.
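
The checks suggested in this thread (the file's creation date, which process has the DLL loaded, and which registry entries reference it) written out as one read-only batch script. This is an added example and not part of any post; the list of registry locations is a selection of common autostart and DLL-load keys chosen here, and it assumes tasklist.exe is present (it ships with XP Professional, not Home).

```batch
@echo off
rem Added triage sketch, not from the thread. Read-only: it changes nothing.
rem Assumptions: DLL name and folder as given in the thread; reg.exe as shipped
rem with XP (no /f search switch, so output is filtered through findstr).
setlocal
set "NAME=msephh"
set "FILE=%SystemRoot%\system32\%NAME%.dll"

echo === File attributes and creation time ===
rem /a also lists hidden and system files; /tc prints the creation timestamp.
rem A creation time later than the last delete means something re-created it.
attrib "%FILE%"
dir /a /tc "%FILE%"

echo === Processes that currently have the DLL loaded ===
tasklist /m %NAME%.dll

echo === Autostart and DLL-load registry locations that mention it ===
rem findstr prints only the matching value line. To see the owning key,
rem re-run the reg query for that location without the filter.
for %%K in (
  "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
  "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
  "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
  "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
) do (
  echo --- %%~K
  reg query %%K /s 2>nul | findstr /i "%NAME%"
)

echo === COM registrations (Browser Helper Objects resolve through these) ===
rem Slow: walks every CLSID. A hit is normally an InprocServer32 value
rem holding the DLL path.
reg query "HKCR\CLSID" /s 2>nul | findstr /i "%NAME%"

echo === Services whose settings reference it ===
reg query "HKLM\SYSTEM\CurrentControlSet\Services" /s 2>nul | findstr /i "%NAME%"
endlocal
```

Run it once before deleting the file and once after the file reappears, then compare the creation time and the process list between the two runs.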