Solution to Worms and Trojans with Read Only Files
I have received this question lots of times and the standard answer
I give will be of interest to you.
The question is "Why is that that many worms, trojans and viruses
cannot be removed. The only option seems to be reformating the hard
disk. An antivirus program (not V-Buster) displays the message that
"there are insufficient resources to remove the worm".
A lot of worms, trojans and viruses will create a file with an
attribute of 22 (hidden and read only). Windows will not allow a file with
an attribute of 22 to be deleted. In other words no antivirus
program including V-Buster will be able to delete the file under
However there is a simple solution.
The solution is to use an antivirus program that can run from DOS.
Windows based antivirus programs are useless when you have a worm,
trojan or virus with a file with an attribute of 22.
- 1. Boot up a DOS diskette in drive A. This will work for all
versions of Windows including Windows XP and Windows 2000 except
those with NTFS file system. The Boot Disk must be
prepared from a Windows 98 computer. You do this by exiting to
DOS from Windows 98, type "CD\WINDOWS\COMMAND" and then with a
formatted diskette in drive A, type "SYS A:"
If your computer has NTFS file system, tap the F8 key (when you boot your computer). This will allow you to go to the command prompt.
2. Run Vbuster.Exe from the DOS command prompt. Delete the file
when it is found. Yoy should also note down the name of the file
that has been deleted. For Vbuster.Exe you can find this name in
Vbuster.Log in the root (main) directory of your hard disk.
3. Run Regedit.Exe from Windows and delete all lines with the
name of the deleted file. This operation is not absolutely
essential but you might get an error message that a file referred
to in the registry is not found when you start Windows.
4. If the worm or trojan cannot be detected by V-Buster, run
Vbuster.Exe from DOS, press F1 and then "S" to search for the
file, assuming that you know the name of the file. Choose
"delete" to delete the file when it is found.