If I had something like that on one of my systems I would be doing a complete reformat of my drives and reinstalling Windows from scratch. (Actually I'd just restore a clean backup image of Windows and all my software.) Who knows what else you might have in there.

However, your question was about how to delete this seemingly hidden file. Can you see the file in Safe Mode? How about via the DOS Window (Command Prompt)?

If you can't get at the file via those methods then you might want to look at booting from a CD and then zapping the file from there. BartPE or even a Linux CD like Knoppix will let you access your disk data without letting Windows boot at all.

I have a project that I wanted to complete tonight and was reluctant to reboot my PC into safe mode until I finished everything. I will definitely be rebooting in safe mode tonight, though.

How do I access DOS to see what's on my computer? What command line would I use to delete the bad file if I find it through DOS? I haven't used DOS in at least 10 years, I can't remember how to get to it, look for files or directories or delete them.

Start ¦ Run...

type cmd into the Open: window and click

OK

. That brings up the command line window. Change to the location where the file is using the

CD

(Change Directory) command. See if the file shows up there. To delete a file type DEL filename.ext.

I had similar issue. I used Windows live security scan and it detected ‘bad’ file, however it could not remove it. I tried browsing folder it was in , but it did not show up (in explorer). I tried searching for it and still got no result. However, when I looked for it using DOS window it showed up. I didn’t erase it right away, but manually searched registry for it, and removed all instances/references to it. I then deleted it using DOS prompt (same technique as bill described).

P.S. among others, useful tool to detect ‘unusual’ files is “HijackThis”

Unfortunately, the .exe file in question isn't showing up when I search using DOS. I'm also starting to notice that my PC is making running sounds when there aren't any programs being utilized, and nothing in the task manager seems out of the ordinary. My A: Drive tries to read a floppy disk every half hour or hour, even though there isn't a disk in there and I'm not running any programs while it happens.

I imagine someone is either remote accessing my PC or my computer is automatically trying to read and send info.

Try
Start-->Run-->cmd.exe-->dir /AH to view list of all hidden files.
else-
tools-->folder options-->View-->select option(View HIdden files)

However, it would be wise to do a fresh install of the OS and update Anti-virus/Anti-Spyware definitions/patches. Use a firewall, spam filters on mail and use strong passwords.

Hope this helps you.

I've tried all the means of revealing hidden files. You simply can't see the .exe file in DOS or Windows. Its still on my PC, I never could get it removed. I'm going to have to back all my data up and reformat since none of the virus programs could remove the .exe file.

Try F-Secure Blacklight... it may find it if rootkitrevealer does not.

Is your filesystem fat or ntfs on your c: drive?

Also what exactly is the filename that avg is reporting.

[edited by: bill at 4:16 am (utc) on May 17, 2006]
[edit reason] URL not necessary [/edit]

msoff.exe is the virus file. I don't know what fat or ntfs means with respect to my C drive.

I don't know what fat or ntfs means with respect to my C drive.

Grinler is asking what the file system format of your C: drive is. MS has some info here: Overview of FAT, HPFS, and NTFS File Systems [support.microsoft.com] and here: NTFS vs. FAT: Which Is Right for You? [microsoft.com] among others...

Double click on the My Computer icon on your desktop and right click on the C: drive. Then click on properties and itwill tell you the type of filesystem it is.

If its fat, than you can download a bootdisk for xp or 6.22 and delete the file from the command prompt that opens. Do a google search for bootdisk.

If on the other hand you have ntfs, it will become more difficult.

Msoff.exe is a trojan that steals online banking information. So once we get this cleaned, you may want to change any online banking passwords you use.

First things first, download autoruns from sysinternals and run it. When it is started, click on the Logon tab. Now look through the entries (prob under one of the Run keys) and see if you have one that has the name Microsoft office with the image path of msoff.exe.

If it exists, right click on it and delete it. Reboot and see if you can now see the c:\windows\system32\msoff.exe file. I do not believe this particular infection uses rootkits to hide it, so we may be safe in that aspect.

I would give you direct links to these tools, but not sure how WebmasterWorld likes that.

It appears I use ntfs. Also, on those programs you mentioned, sticky me the links if you can.

OT:

sticky me the links if you can

Simply entering the names of those software packages in any major Search Engine will get you to the appropriate pages.

Just google for these. Wont miss it.

Did you ever run blacklight btw?