Delete file from the command prompt?

Question:

getreal

2009-10-31 18:44:57 UTC

I got infected by a trojan i was able to disable it but need to delete it from the command prompt.
The file is c:\program files\uyngsk\wlomsysguard.exe
this is loaded by the registry.

hklm\software\microsoft\windows\current version\run\"system tool"
this is called from the registry key
my anti virus as well as 2 other programs could detect it -but- not delete it.
trojan.fake alert
any help would be appreciated.
thanks,getreal

Five answers:

vlj2002

2009-10-31 19:29:00 UTC

In the program file is not the virus main source to run the program it's in User or Application Data folder.

Use combofix from bleepingcomputer.com, then go download malwarebytes from softpedia.com or cnet.com and use it(rename the installer if it doesn't let you install it such as winlogon.exe), then clean the rest of the virus with superantispyware from softpedia.com or superantispyware.com.

Future Protection use this wizard to recommend security protection for your system:

http://www.techsupportalert.com/secwiz

Or Manually:

Terminating the process:

1.I verify that a Rogue is present. This isn't hard, since it's usually popping up just about every few seconds.

2.Click CTRL-ALT-DELETE (if it's available)

3.Click Task Manager

4.Click Processes

5.Find a process that usually contain all numbers. For example 2342342.exe. If you do not see all numbers then your rogue has a name like...SystemSecurityPro.exe or GreenAV.exe...etc.

6.Select that process and click end process.

7.At this point the rogue process has been terminated.

Removing Rogue Anti-virus that is named with random numbers.

1.Click Start

2.Click Run (or for Vista type in the start search box)

3.For windows xp type: C:\documents and settings\all users\Application Data and click OK. A window will open containing a folder with about 8 numbers. Your Rogue is in there. Delete that folder.

4.For Windows Vista type C:\users\all users in the "start search" box and click enter. Your randomly named folder with about 8 digits should be in there. Delete it.

Removing Rogue Anti-Virus that has a name like System Guard Pro, AV2010, etc

1.Open Windows Explorer.

2.Open your C:\ drive.

3.Open Program Files

4.Find the Rogue and Delete the folder.

2009-10-31 19:15:14 UTC

From the Command prompt, type "del c:\program files\uyngsk\wlomsysguard.exe".(no quote marks)

The thing is, you have to either get it out of the registry first, or do it from Safe mode command prompt.

2016-12-01 13:04:15 UTC

attempt deltree this deletes the tree of archives. fairly the folder and all its contents. be beneficial to define the deltree to the specific folder and to no longer run deltree from only c:> else it is going to wipe out your total c force. If the project is on a USB stick you additionally can desire to look into formatting the USB force presented you have subsidized up what you like from the gadget. only click initiate my laptop the terrific suited click the mass storage gadget and decide format. terrific of success and desire this helps

Dale B

2009-10-31 19:12:30 UTC

or you could get unlocker, delete it in the c:\program files\uyngsk in windows explorer and it would say, removing file, and it hacks through the anti-delete things

here: http://ccollomb.free.fr/unlocker/

2009-10-31 18:50:52 UTC

Assuming windows, open command prompt as administrator, use rmdir "path"

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese