Undeletable Securom file



sal
10-05-2007, 09:05 PM
I've had a Windows.old directory sitting in system root for a while and it annoys me cause I can't delete it, always coming back with this stupid error message (http://www.imagef1.net.nz/files/securom.png). There's no files in these folders, even with 'Show hidden files and folders' checked. It mentions Securom in the path which in Google is coupled with root kit/indeterminable with Rootkit Revealer, etc.

Anyone had any experience in dealing with this or would know a quick way to delete this folder??

Speedy Gonzales
10-05-2007, 09:11 PM
Looks like you're not the only one with this prob.

Here's some info (http://channel9.msdn.com/ShowPost.aspx?PostID=278818)

sal
10-05-2007, 09:23 PM
Yeah, I know where the "Windows.old" folder came from. It's where the old WinXP system files got dumped cause I was installing Vista over it (NOT an upgrade. I couldn't format disk0part0 while installing Vista because it was the primary boot partition. I don't really know what I'm talking about but it worked out fine, except for this :\...).

I didn't need anything in there when Vista was up and running so I did a Shift+del on Windows.old. Probably not a good move but everything is gone (13GB of files and folders was in there) except those few folders, all thanks to Securom wherever the hell it came from. Seriously pisses me off.

Speedy Gonzales
10-05-2007, 09:28 PM
So did u go to the link I posted?

sal
10-05-2007, 09:53 PM
Yep, just went through the disk clean (was called "Previous installations" in my list), 8KB but still remained even after trying 3 times. I launched and elevated a cmd window but even doing "del Windows.old" a few times from there has no effect.

zqwerty
10-05-2007, 10:10 PM
Take ownership

Right-click on the folder and click Properties. Click the Security tab, and ignore the message (Click OK). Click Advanced and click the Owner tab. Choose your name from the Name list. Tick "Replace owner on sub-containers and objects" and click OK. Click yes to the warning that appears.

Now delete it with right click delete or highlight/delete on keyboard

NB did not notice that you are on Vista so this all may be BS

sal
10-05-2007, 11:00 PM
I've taken ownership (I actually have a "Take ownership" context menu option set up) and that was no good either.

I think it might have something to do with root kits because I swear the error is so random with the filename of the "file that can't be found" being in a weird language (see screenshot above) and no files even being 'present' in any sub-directory (as I said earlier, "Show hidden files and folders" is enabled).

zqwerty
10-05-2007, 11:19 PM
Because you are using Vista I'm not sure what to do but if you were on XP then I would advise trying SpaceMonger it has a very powerful delete option, if you can see the folder in SpaceMonger then you should probably be able to delete it.

http://www.sixty-five.cc/sm/

Does not seem as if it will be ok on Vista.

sal
10-05-2007, 11:59 PM
Ohh, that was real close but no cigar. I managed to copy the path to the files that need deleting. I still need to see what happens in safe-mode.

C:\Windows.old\Documents and Settings\sal\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϯϸϹϴϴϵϾ
C:\Windows.old\Documents and Settings\sal\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϯϸϹϴϴϵϾϻϵЉ

That's the path to the two hidden as files, really weird.

EDIT: Whoa, I got a good Google set of results back from searching for that random filename! Currently reading through them...

Update: Yeah, I remember trying the F.E.A.R demo from the PC World discs aaages ago. Still there after a clean uninstall of the game, how annoying...am about to try a "DelLater" on both files.

zqwerty
11-05-2007, 12:15 AM
Remove and add the HDD as a slave on another computer see if the folders show and delete them.

sal
11-05-2007, 12:24 AM
Solved!

I got some good hits from the Google search with the filenames I never would have got hold of without your help zqwerty. Thanks.

This thread (http://www.daemon-tools.cc/dtcc/archive/undeleteable-hidden-files-created-securom-t5780.html) from some other site had the answer:


ATTRIB -R -S -A -H "C:\Documents and Settings\<user>\Application Data\SecuROM\UserData\*"

DEL "C:\Documents and Settings\<user>\Application Data\SecuROM\UserData\*"

Reading down further there, it looks like "rd" might have worked too, though I doubt it :\
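
The ATTRIB/DEL fix quoted above, as an added PowerShell example that is not part of the thread or of the linked post: it lists what Explorer was hiding, prints each name's code points, and deletes only when asked. The default `$Root` is the path from sal's post; the `-Delete` switch and variable names are this example's own, and it assumes an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. $Root defaults to the path in sal's post.
param(
    [string]$Root = 'C:\Windows.old\Documents and Settings\sal\Application Data\SecuROM\UserData',
    [switch]$Delete   # hypothetical switch: without it the script only reports
)

# -Force returns Hidden and System entries. Explorer's "Show hidden files and
# folders" does not reveal files that carry both flags unless "Hide protected
# operating system files" is also unticked.
$files = @(Get-ChildItem -LiteralPath $Root -Force -Recurse |
    Where-Object { -not $_.PSIsContainer })

foreach ($file in $files) {
    # Code points of the name, so odd characters can be identified or searched for.
    $codePoints = ($file.Name.ToCharArray() |
        ForEach-Object { '{0:X4}' -f [int]$_ }) -join ' '

    'Path:       {0}' -f $file.FullName
    'Attributes: {0}' -f $file.Attributes
    'Name chars: {0}' -f $codePoints

    if ($Delete) {
        # Same effect as ATTRIB -R -S -A -H: drop every attribute flag.
        $file.Attributes = [System.IO.FileAttributes]::Normal
        # -LiteralPath stops PowerShell treating characters in the name as wildcards.
        Remove-Item -LiteralPath $file.FullName -Force
        'Deleted.'
    }
    ''
}

'{0} file(s) found under {1}' -f $files.Count, $Root
```

Run it once without `-Delete` to confirm that only the expected SecuROM files are listed, then again with the switch.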

pctek
11-05-2007, 06:51 AM
1. stop UAService7 service (CTRL+ALT+DEL, find it and kill it)
2. using e.g. Autoruns (http://www.sysinternals.com/Utilities/Autoruns.html) remove this service and delete the file \windows\system32\UAService7.exe
3. delete the folder Documents and Settings\<your_user_name>\Application Data\SecuROM
4. delete the folder Documents and Settings\All Users\Application Data\SecuROM; in case of any deletion problems use DelInvFile tool (http://www.purgeie.com/delinv.htm).
5. delete securom registry keys using RegDelNull
6. key named HKLM\SOFTWARE\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* contains embedded nulls and cannot be removed using regedit;
(http://www.sysinternals.com/Utilities/RegDelNull.html)