Cant delete 2 files that are tying up my computer 2

[ockerb]

I have 2 files tying up my computer and i cant get rid of them, one ("msyndi.com&quot keeps flashing into my task manager about every second but not long enough for me to stop the process. The other ("mstgmi.com&quot keeps adding itself to the run key in the registry. The same occurs in safe mode so I can't get in to them to delete, move or rename because they are always in use. I have done a virus check and tried ad aware, spybot S&D and spyferret but none of these help my problem. One file "msyndi.com" resides in the windows\msagent folder, the other file "mstgmi.com" is in the windows\system32 folder. My HDD is formatted NTFS so I can't get in via DOS to delete them either. If I remove the key in the registry it is back there immediately. I have been trying to resolve this for a few days now and I am desperate to avoid a format. Can some one help please.

 

[jrbarnett]

Hello,

There are only a few places where programs can set to run as Windows starts up, as I'm sure you realise. Have you tried using msconfig to disable running one or the other at system startup (my guess is that each checks for the existence of the other, and resets the key if not found).
If MSConfig isn't powerful enough, also try the Startup Control panel from

http://www.mlin.net

Using Google and the Microsoft search engine I haven't found anything relating to these specific filenames at all so it is not possible for me to say what they do, if they are a known virus or whatever.

John

 

[ockerb]

Thanks for the speedy reply John
I already found the reference to mstgmi.com in the msconfig and unticked it but it just keeps coming back. I thought I would be clever and prevent any changes to my msconfig by installing ad-watch from ad-aware ver 6. All I succeeded doing is is creating a log file as long as my arm telling me that mstgmi.com was attempting to change the msconfig. So no luck there.

 

[bcastner]

Try:

. search for both files, and write down their location(s)
. Start in Safe Mode (No Networking)
. Bring up Task Manager, and under both the Applications and the Processes tab End any instance of these programs.
. In Task Manager, find the process 'explorer.exe' and end the process
. In Task Manager, File, New Task:
. use the Del command and try to delete every instance of the files from Step #1
. if an 'Access Denied' error is seen, use the Attrib -r -s -h filename, the try the Del command again
. In Task Manager, File, New Task, Explorer.exe
. Use Msconfig to remove any entries
. Start, run, sysedit
See if there is any reference to the files in your configuration files, and remove the entries if so.

Try a normal start of your system.

 

[ockerb]

Thanks bcastner
Even in safe mode I am unable to stop this file msyndi.com from coming and going as it pleases. It does not stay visible in the task manager process long enough for me to click on it and end the process. No matter what I do to the file itself (actually, both of them) i get the message that they are in use by another program or person. I was able to stop explorer.exe (which incidentally flashes in and out of the task manager as well)but this didn't help. BTW I was unable to use the del command, says it didn't exist, nor delete for that matter

 

[jrbarnett]

Remember to check the startup group and WIN.INI load= and run= lines for programs set to load as well as registry keys.

John

 

[bcastner]

Delete them from the Recovery Console.

 

[linney]

See if you can make use of these handy freeware programs.

System Safety Monitor is a system monitoring tool with additional application firewalling. You can keep a list of trusted applications and be alerted each time a program, that is not on your trusted list, is executed. The optional black-list allows you to specify programs that will be prevented from running. You can also have System Safety Monitor alert you whenever a new start-up key is added to the registry. This allows you to prevent software from installing itself as an auto-start item in the registry without your knowledge. The included logging feature enables you to view a log of all changes that have been made to the registry.

http://www.webattack.com/get/systemsafety.shtml

DelLater is a tiny program that allows you to specify files to be deleted when Windows next boots, making it ideal for those situations when you can't delete a file because it's in use. Source code included.

http://www.diamondcs.com.au/index.php?page=products

If you want some good security programs the above site (DiamondCS) is the place to start.

 

[ockerb]

Thanks everyone for your input to my problem. At long last I have broken the cycle between the two errant files. The DELLATER file suggested by linney worked a treat. It didn't deletes the first file but did manage to delete the second, once that was done I was able to delete them both. I do seem to be left with a small legacy though. I have lost my dial-up network and when I try to establish another one I get to the area where the wizard allows you to select the manual setup. On the next page the only option is the broard band connection, the rest is greyed out. I only have a 56k Internal modem on that computer. Any ideas?

 

[bcastner]

Start Registry Editor.
Make a backup copy of the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\Next
Delete the following value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\Next
Quit and then restart the Make New Connection Wizard. All of the network connection options are now available.

NOTE: The Accept Incoming Calls option is dependent on the user's assigned user rights.
Perform steps 1 to 4 for all the users who are logged on to the workstation.
To prevent this behavior from occurring with new users, modify the default user profile:
Use Regedt32.exe to load the Ntuser.dat hive from the C:\Documents and Settings\Default User folder.
Delete the following value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Telephony\Cards\Next
Unload the hive.

 

[ockerb]

Thanks for helping Bcastner
I tried that with the registry key, the key value was 0000017(23) so I used modify and deleted the value and restarted my computer. Unfortunately this didn't have the desired effect. Again when I select "setup my connection manually" the next screen only offers me the choice of "connect using broad band connection". Any other ideas that might do the trick??

 

[linney]

305549 - HOW TO: Configure a Connection to the Internet in Windows XP Professional

http://support.microsoft.com/default.aspx?scid=kb;en-us;305549&FR=1&PA=1&SD=HSCH

Try this program that fixes damaged Winsock entries

http://members.shaw.ca/techcd/VB_Projects/WinsockFix.zip

A similar tool is available at

http://www.cexx.org/lspfix.htm

Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.

If they don't work you could try repairing windows itself by running it over itself. You will lose all your windows updates but your files will be untouched.

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)

http://support.microsoft.com/support/kb/articles/q315/3/41.asp

 

[bcastner]

Dial-up Modem or PPPoE Option in New Connection Wizard Is Unavailable

http://support.microsoft.com/default.aspx?scid=kb;en-us;320558

Be sure to follow the steps carefully. Try Method #1, and then Method #2 only if the first does not work.

 

[bcastner]

See also:

http://support.microsoft.com/default.aspx?scid=kb;en-us;329050

 

[ockerb]

Thanks fellaz for your patience and your very useful tips. A combination of a number of tips got me on the road to full recovery. That small file suggested to me from linney (DELLATER) should be able to solve almost any problem where you have to break a cycle where 2 or more files are working together to protect each other and preventing a simple process stop or delete. Once again, thanks alot