captain_10_iceman Posted July 3, 2006 Share Posted July 3, 2006 hi im a long time reader of bitcomet forums first time writer :D ...anyways, can someone help me remove a file known as "Application.Tool.Evid.G" well thats the name given by bitdefender, my anti-virus. Its file name startes with this "Rar$" with 2 letters,2 numbers, a decimal and three numbers at the end, and in it the program called "EvID4226Patch" i tried to install it but it doesnt work after opening it with winrar, all it did was put files into my Temp file. I tried to remove it with Gipo remover and the basic left click, slide and hit delete both methods that i only know of, doesnt work can someone tell me how to remove it.. Link to comment Share on other sites More sharing options...
The UnUsual Suspect Posted July 3, 2006 Share Posted July 3, 2006 The most effective way to remove the file is to write down the path to the file. c:\BlahBlah\blahblah\moreblah\filename.xxx Now reboot in safemode "command prompt" only. now you can delete the file using the "del" command. although it can be done with one command, I prefer to move to the directory where the file is... c:\ enter cd BlahBlah enter cd blahblah enter cd moreblah enter now you can view the files with "dir" enter then type... del filename.xxx Then you can use "dir" again to confirm it is NOT there. Then reboot your PC. Another option is to restart windows in safe mode, and use the normal procedure you normally use, then reboot computer. The former will remove almost any file you wish, the latter will often work, but not always. Suspect ps. If the first procedure still cannot remove the file, then you can boot up from a boot floppy disc, or a bootable cdrom disc like winxp live (pe). Link to comment Share on other sites More sharing options...
Const2k Posted July 3, 2006 Share Posted July 3, 2006 Hi there. ...anyways, can someone help me remove a file known as "Application.Tool.Evid.G" well thats the name given by bitdefender, my anti-virus. Its file name startes with this "Rar$" with 2 letters,2 numbers, a decimal and three numbers at the end, and in it the program called "EvID4226Patch" i tried to install it but it doesnt work after opening it with winrar, all it did was put files into my Temp file. I tried to remove it with Gipo remover and the basic left click, slide and hit delete both methods that i only know of, doesnt work can someone tell me how to remove it.. First of all, I'm not sure that your AV can tell the difference between virus and "EvID4226Patch". I use Kaspersky one, and it didn't tell me "EvID4226Patch.exe" in "EvID4226Patch223d-en.zip" was a virus (and I don't think it was). Just to make sure, download its latest version only from maker's page (I assume you have WinXP SP2 as this can be applied to this Windows version only). Beware: patch from there is in .zip and inside .zip is .exe that is NOT Rar archive, as you mentioned... - check your computer for virii with up-to-date antivirus; Just in case your .rar was infected and your computer has virus. - restore system files with "sfc /scannow" command entered into Start -> Run... (prepare your WinXP CD-ROM); Original patch modifies system protected files, and SFC will replace modified versions (if any) with original. - reboot if necessary; - delete remaining unwanted files manually. Think twice whether you need this patch, and use files only from original sources in the future. That'll save you (and possibly some others) some time ;) P.S. The way U.U.S. offered will do just what you want - remove the file. Use with caution (especially first one) if safe way given by me above fails (which is unlikely). Link to comment Share on other sites More sharing options...
Dark_Shroud Posted July 3, 2006 Share Posted July 3, 2006 Some anti-virus programs do detect that "patch" as a virus. And no you don't really need it for BitTorrent as BitComet properly configures its connections to work with SP-2 or SP-1 depending on which OS you have. And the latest version of that patch is over a year old. Link to comment Share on other sites More sharing options...
The UnUsual Suspect Posted July 3, 2006 Share Posted July 3, 2006 I downloaded a program (tool) to activate windows xp, believe it or not, to activate my legit copy of winxp that microsoft could not get to activate, for a very complex reason I won't get into now, but the file, "wpakill.exe" was deleted as being a trojen virus by McAfee a/v. When I went to mcafee site to see what type of virus it was, it was plainly labled as a "tool" and the ONLY thing it did was disable windows product activation... Grrr... In other words, its NOT a virus, and all it does is EXACTLY what it was made for... lol Suspect ps. I'm not sure about the file you speak of, but thought you might find this story interesting. Link to comment Share on other sites More sharing options...
Const2k Posted July 3, 2006 Share Posted July 3, 2006 Recent false virus-notifications Some AntiVir Software vendors added the patcher into their virus-definitions. The patcher is often detected as 'Tool/EvID'. But as a first info: The patcher ist NO VIRUS. Some virus and trojanwriter uses the same technique to increase the limit. After that its easier for them to spread to other computers in the internet. This runs without knowledge of the user. So he is not informed about what's going on. With the patcher here, every user can decide on his own if he wants to change the file and if yes how high the limit should be. Also the user will be warned if he chooses to high limits, as already infected machines will spread existent viruses and trojans easier to the net. So everybody can choose on its own and is not forced to. The patcher itself does not contain malware. The virus-notification therefore should be seen as an information that this program contains the functionality to increase the limit. If that program is not known or has not been installed you can delete it. I hope I have answered some questions. LvlLord Ah geez... *edit*: The UnUsual Suspect: "Never say never", they say... captain_10_iceman told us that he has rar archive. Original patch is ZIPped. Hence he's got his .rar from unknown => untrustable source => it should be checked for virii, ESPECIALLY after he had run it. And only after that we'll be able to say that this is (99% or less, depends on AV) NOT a virus. Link to comment Share on other sites More sharing options...
captain_10_iceman Posted July 4, 2006 Author Share Posted July 4, 2006 yes i have xp sp2. I donwloaded this .rar from the maker's page and for insurance i also download from a link given in one of the bitcomet forum. I will try all thous suggestions and if it doesnt work, ill remove bitdefender and use diffrnt AV than ill keep asking for help. :) Link to comment Share on other sites More sharing options...
The UnUsual Suspect Posted July 4, 2006 Share Posted July 4, 2006 Ah geez... *edit*: The UnUsual Suspect: "Never say never", they say... captain_10_iceman told us that he has rar archive. Original patch is ZIPped. Hence he's got his .rar from unknown => untrustable source => it should be checked for virii, ESPECIALLY after he had run it. And only after that we'll be able to say that this is (99% or less, depends on AV) NOT a virus. Hey, I think you missunderstood my post. I was refering to a tool called wpakill, just as an example of a file that is "labled" as a virus, but only does exactly what it claims to do. In this case, I think microchit pressured them to lable it as such to stop people from using it, and it almost did just that, until I researched it. It prob should have been labled as a PUP, not a virus. Suspect Link to comment Share on other sites More sharing options...
captain_10_iceman Posted July 5, 2006 Author Share Posted July 5, 2006 UnUnsaul Suspect can u make it a bit clearer about how do do the blah blah delete can u do it with this - C:\Documents and Settings\NAME\Local Settings\TEMP-- and also i tried the second way by doing it in safe mode w/o cmd, but when i reboted and ran bitdefender it should it changed files and its now in my -- C:\System Volume Information\_restore(xxxxxxxxxx <---- all numbers and letters) and when i try to type that in i get nothing can u or anyone whow knows help me out to premenantly delete this Application.Tool.Evid.G that my AV calls it... oh and also my cmd has C:\Documents and Settings\NAME\> this is normal right, i aint to good with computers only this basics and i usually only see c:\ in the cmd b4.. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now