can't find infected file

[collilia]

Hi All

My virus program (Kaspersky) tells me that I have the win32.VB.ez trojan in the the following file

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QDBGXGRU\diamond[1].cab->mm21.ocx".

Kaspersky can't remove or delete the file.My problem is that I can't remove the file manually because the directroy "content.ie" doesn't seem to exist in the temp internet files directory.
I have "show hidden files and folders" checked in the tools menu and I have used windows search but still can't seem to find the infected file or indeed the directory it resides in.

Any help here would be apreciated.
Liam.

 

[MasterRacker]

In your view options, make sure you uncheck "Hide Protected Operating Systems" files as well.


Jeff
The future is already here - it's just not widely distributed yet...

 

[collilia]

Was already unchecked
but thanks for the input

Liam

 

[Kesser]

Have you tried in safe mode also?

Kes

 

[MasterRacker]

Yes. Try it in safe mode. Also, try all the steps in the FAQs for removing spyware as well as viruses. There may be some other malicious process running that is hiding that folder. It's visible on all my machines.


Jeff
The future is already here - it's just not widely distributed yet...

 

[diogenes10]

If you go through explorer, tools, internet options, delete files, do you still get the message?

On windows98 I just use deltree and delete the entire temporary internet files folder and let windows recreate it. I do not know if that is a safe procedure for other versions. There are cleaning utilities, you might be able to look through the downloads at Major Geeks and find one of those and let it clean the entire temp internet files area for you.



-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?

 

[CableInstaller]

Windows hides user TIF content while logged into the profile.
If you login to a different account you will have access to those files in the Administrator profile providing the files were not made private.
If you know the actual path you can copy and paste into Killbox and delete it that way, it will still recognize the file whether windows lists it or not.

http://www.downloads.subratam.org/KillBox.exe

Or at worst delete on reboot.

 

[BadBigBen]

Best would be to just go to the Internet Options (Control Panel) there you can delete the Temp Int. Files as well as Cookies...

you can also set the Deletion of these files to every time you exit IE...



Ben

If it works don't fix it! If it doesn't use a sledgehammer...

 

[collilia]

Thanks folks for all the help.

The pc in question is in the office and I won't be in contact with same untill friday next (OMG that's a full week off !!)
Anyway I think you guys have given me enough info to sort it out.Will let you know otherwsie

Thanks Again
Liam.

 

[collilia]

Spot on CableInstaller.
Logged in under a different user and was able
to delete files no prob.

Cheers
Liam.