Invisible Process

Discussion in 'Trojan Defence Suite' started by adic, Jan 25, 2005.

Thread Status:
Not open for further replies.
  1. adic

    adic Guest

    Hi,

    I have this fake onlineeye.exe file that I cannot delete. It says that there are some processes that are using the file, or another user is using it. I've checked Task Manager and I can't seem to be able to find the process that uses the file. I've tried deleting the registry, but it doesn't help. Can you give suggestions?

    Thanks.
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002 | Posts: 2,080 | Location: Perth, Western Australia

    Can you send the file to submit@diamondcs.com.au?

    The first thing to try is to boot into Safe Mode and see if you can move the file to a new location, or rename it.
     
  3. frogfoot

    frogfoot Registered Member

    Joined: Aug 8, 2004 | Posts: 116 | Location: Yeovil UK

    You could use Process Explorer from Sysinternals to determine which exe/service has that particular file open. (Use the search handles function for this.)
     
  4. adic

    adic Guest

    Hi,
    I've tried using Safe Mode, but I still can't delete it.
    Sorry, I don't know any Process Explorer or Sysinternals.
    I sent the file to the email.
    Thanks again for the help.
     
  5. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002 | Posts: 9,713 | Location: Netherlands, EU near the sea
  6. adic

    adic Guest

    Emm.. Sorry, I still can't figure out a way to find the invisible process and kill it.. But I've known something though, when I open the file, a new process shows up in Process Explorer, but disappears in an instant.. I'm sorry, but I'm a noob in computers.

    Thanks.
     
  7. frogfoot

    frogfoot Registered Member

    Joined: Aug 8, 2004 | Posts: 116 | Location: Yeovil UK

    I assume from your previous post that you downloaded and installed 'Process Explorer' from here.
    One way to find what process has the file in question (onlineeye) locked is to use 'Process Explorer' to search for the file handle.
    To do this, run Process Explorer, then in the main menu (across the top of the window) select the 'Find' menu option, then select 'Find Handle'. A window will then pop up and ask you to enter the name of the file. Type in 'onlineeye' (without the quotes), then hit the search button. This should give you the name of the process locking the file. You can then report back here with your findings.
     
  8. adic

    adic Guest

    OK, now I got the process locking the file. It's explorer.exe. So, with my common sense I closed the handle. But still, I cannot delete the file, and every time I try to delete it, the handle appears again. Btw, what is a process handle?
     
  9. frogfoot

    frogfoot Registered Member

    Joined: Aug 8, 2004 | Posts: 116 | Location: Yeovil UK

    Have you by any chance installed the Onlineeye Pro program written by pmasoft? If so, can it be removed from 'add remove programs' in the 'control panel'? Is there a task bar icon which is called 'online eye' when you mouse over it? If so, is there an 'exit' command in its right-click menu?
     
  10. adic

    adic Guest

  11. adic

    adic Guest

    Never mind, deleted the file already. Thanks y'all for ur help!
     