File delete - access is denied even with /F

Put bad processes on ice:

  1. Download and run Process Explorer (from Microsoft) as Admin
  2. In the Options > VirusTotal.com menu enable Check VirusTotal.com and accept the license agreement
  3. A new column will appear titled VirusTotal with a number like 0/57. The first number indicates how many virus scanners think the process is infected. The second number indicates how many scanned the file. 0/57 would indicate a clean process while 19/57 would indicate 19 scanners think the process is bad.
  4. For any processes flagged as infected, right-click and Suspend (do not kill)
  5. Once all suspicious processes have been suspended, kill them one at a time
  6. If any new infected processes re-appear, suspend them and don't kill them
  7. Change the file permissions on your unwanted executable to regain Full Control, then delete it
  8. Once you've deleted the file, you need to immediately move into scanning your computer for malware


If this doesn't work, then break out the fire:

  1. Download and run Process Monitor (also from Microsoft) and run as Admin
  2. On the Filter menu click Filter...
  3. Create a filter condition to match your file as follows: enter image description here
  4. Click Add then OK
  5. Change the permissions on your file
  6. Review Process Monitor's output. You'll see that explorer.exe accesses the file (that's you, changing the permissions). Look for any other processes that touches the file...most likely the last process to do so. This is most likely going to be your malicious process.
  7. Use Process Explorer to suspend that process (the PID value shown by Process Monitor is also shown by Process Explorer)
  8. Try changing the permissions/deleting the file again

Just run:

takeown * /F /R /D  Y
icacls . /T /C /grant administrators:F System:F everyone:F
del * /s /q