Security Software Unable to delete .exe files

Status
Not open for further replies.

m0h1t

This is happening since the past 2-3 hours.

Initially I spotted a "mpsigstub.exe" in my D drive.

Unable to delete this file, I scanned the entire system with ESET NOD32 3.x

Nothing came up.

Started scanning with Windows Defender, system started acting funny, RAM usage would suddenly go up to 98% while CPU usage was at times ~50% and at one time ~5%.

Now whenever I delete a .exe file, it keeps reappearing. After the 1st attempt at deleting, all permissions to that file are revoked.

I am able to delete files in safe mode, but not in the normal mode.

What to do?

Please advise.

 
I already removed "mpsigstu" through safe mode.

But the issue is still there, I cannot delete any .exe file.

I found a log file "MpSigStub.log" while searching for "mpsigstub", here's what it says..

-------------------------------------------------------------------------------------

MpSigStub: Command Line: d:\9d52099b4218d8e293a1ded855b6\mpsigstub.exe WD /q
Start Time: Tue Mar 31 2009 12:46:20
mpsigstub.cpp:1048 ProcessIniFile() - PatchFullEngine = FALSE
mpsigstub.cpp:2759 LogDirFilesInfo() - Examining package contents.
mpsigstub.cpp:2796 LogDirFilesInfo() - Files contained in directory d:\9d52099b4218d8e293a1ded855b6:
mpsigstub.cpp:2847 LogDirFilesInfo() - $shtdwn$.req
mpsigstub.cpp:2847 LogDirFilesInfo() - as_delta.ini
mpsigstub.cpp:2872 LogDirFilesInfo() - mpasdlta.vdm, Version: 1.55.736.0
mpsigstub.cpp:2872 LogDirFilesInfo() - mpsigstub.exe, Version: 1.1.4700.0
mpsigstub.cpp:3124 wWinMain() - Updating product WD...
mpsigstub.cpp:1657 NeedToUseProductName() - We are not running in Wow64.
mpsigstub.cpp:1670 NeedToUseProductName() - We are running in Windows Vista.
mpsigstub.cpp:1678 NeedToUseProductName() - We are updating WD.
mpsigstub.cpp:1702 NeedToUseProductName() - We will use the product name for locating MpClient.dll.
mpsigstub.cpp:1886 LocateAndLoadMpClient() - Path to MpClient.dll is: C:\Program Files\Windows Defender\MpClient.dll
mpsigstub.cpp:3151 wWinMain() - Successfully loaded MpClient.dll
mpsigstub.cpp:2745 LogDirFilesInfo() - Examining current signature location.
mpsigstub.cpp:2796 LogDirFilesInfo() - Files contained in directory C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0DC4773-8FA2-46B2-9C4F-745DC1AF6961}:
mpsigstub.cpp:2872 LogDirFilesInfo() - mpasbase.vdm, Version: 1.55.0.0
mpsigstub.cpp:2872 LogDirFilesInfo() - mpasdlta.vdm, Version: 1.55.543.0
mpsigstub.cpp:2872 LogDirFilesInfo() - mpengine.dll, Version: 1.1.4502.0
mpsigstub.cpp:2177 UpdateDefinitions() - Calling MPUpdateEngine with directory d:\9d52099b4218d8e293a1ded855b6.
mpsigstub.cpp:2224 UpdateDefinitions() - MpUpdateEngine() completed successfully.
mpsigstub.cpp:3182 wWinMain() - Successfully updated definitions for product WD
mpsigstub.cpp:3229 wWinMain() - Going to return from main with value 0x0
MpSigStub: End Time: Tue Mar 31 2009 12:46:25

-------------------------------------------------------------------------------------
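
Added example, not part of the original post: a small Python parser for the log format quoted above, which pulls out what the run reports (package directory, old and new definition versions, exit code) so the log can be triaged at a glance. The function names `parse_log` and `summarize` and the returned field names are hypothetical; the sample lines are copied (abridged) from the post.

```python
import re

# Sample lines copied (abridged) from the MpSigStub.log quoted in the post.
SAMPLE_LOG = r"""MpSigStub: Command Line: d:\9d52099b4218d8e293a1ded855b6\mpsigstub.exe WD /q
mpsigstub.cpp:2796 LogDirFilesInfo() - Files contained in directory d:\9d52099b4218d8e293a1ded855b6:
mpsigstub.cpp:2847 LogDirFilesInfo() - as_delta.ini
mpsigstub.cpp:2872 LogDirFilesInfo() - mpasdlta.vdm, Version: 1.55.736.0
mpsigstub.cpp:2872 LogDirFilesInfo() - mpsigstub.exe, Version: 1.1.4700.0
mpsigstub.cpp:2796 LogDirFilesInfo() - Files contained in directory C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0DC4773-8FA2-46B2-9C4F-745DC1AF6961}:
mpsigstub.cpp:2872 LogDirFilesInfo() - mpasbase.vdm, Version: 1.55.0.0
mpsigstub.cpp:2872 LogDirFilesInfo() - mpasdlta.vdm, Version: 1.55.543.0
mpsigstub.cpp:2872 LogDirFilesInfo() - mpengine.dll, Version: 1.1.4502.0
mpsigstub.cpp:2224 UpdateDefinitions() - MpUpdateEngine() completed successfully.
mpsigstub.cpp:3229 wWinMain() - Going to return from main with value 0x0
"""

ENTRY = re.compile(r"^mpsigstub\.cpp:\d+ \w+\(\) - (.*)$")   # source:line Func() - message
DIR = re.compile(r"^Files contained in directory (.+):$")    # starts a directory listing
FILE = re.compile(r"^(\S+), Version: ([\d.]+)$")             # versioned file in a listing

def parse_log(text):
    """Return the command line, per-directory file versions and exit code."""
    result = {"command": None, "dirs": {}, "exit_code": None}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("MpSigStub: Command Line:"):
            result["command"] = line.split(":", 2)[2].strip()
            continue
        m = ENTRY.match(line)
        msg = m.group(1) if m else ""
        if (d := DIR.match(msg)):
            current = result["dirs"].setdefault(d.group(1).lower(), {})
        elif (f := FILE.match(msg)) and current is not None:
            current[f.group(1).lower()] = tuple(int(p) for p in f.group(2).split("."))
        elif msg.startswith("Going to return from main with value "):
            result["exit_code"] = int(msg.rsplit(" ", 1)[1], 16)
    return result

def summarize(text):
    """Compare the package's delta definitions with the installed ones."""
    r = parse_log(text)
    pkg_dir = (r["command"] or "").lower().rsplit("\\", 1)[0]
    pkg = r["dirs"].get(pkg_dir, {})
    installed = next((v for k, v in r["dirs"].items() if k != pkg_dir), {})
    old, new = installed.get("mpasdlta.vdm"), pkg.get("mpasdlta.vdm")
    return {"package_dir": pkg_dir, "old": old, "new": new,
            "newer": bool(old and new and new > old), "exit_code": r["exit_code"]}
```

A log like this records what the stub reported doing; it does not authenticate the binary itself, which is a separate signature check on the file.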
 
mpsigstub.exe is a system file.
I think there is some issue with application conflict/registry error that must have occurred after some update/installation. Try to do a system restore to the time when you knew the comp was running fine.
 
I think it could be some malware which is causing you the issue. Do scan ur hdd on ur friend's system. You can also use Kaspersky rescue disk to scan.

OT: I never like system restore, it's a place where viruses keep themselves safe
 
Yeah.. that's the problem (Windows7)
Happens to me too.. on 32 bit.. (happened in build 7000 and happening in build 7048 as well) ..
What happens is that Windows7 blocks your .exe files.(i.e. copying, moving, deleting or renaming)
That's probably a bug I guess or an anti-piracy move so that people don't delete and copy .exe files (cracks) :P
Don't be afraid. It's not malware for sure..
See here you will get plenty of people facing the same problem as you
 
I'm glad it isn't malware/trojan/virus, etc. cuz I'm very particular about system security and was wondering how come this happened..

..someone posted that build 7068 has this issue solved.
 