artfox
Cadet

 Joined: Oct 30, 2007 Posts: 4 Location: USA
|
Posted: Wed Oct 31, 2007 1:32 am Post subject: getting rid of a specific PHISH intrusion |
|
|
Hello:
New here and looking for assistance to get rid of a PHISH intrusion.
It arrived when I clicked on a couple of incoming emails.
I immediately got a response from my Avast appn that identified the intrusion as PHISH/Ebayfraudalert/TJ.
I also found in my WINDOWS/TEMP folder the following: -AVAST4/wbshlock.txt And while I supposedly was able to use Avast a-v to delete the intrusion - twice in a row, the access to the TEMP was impossible to delete giving me a msg that it is being used elsewhere and I can't find out where.
It also produces two files perflib_perfdata_XXX.dat and a second similar one - each time I click on any email that is legit, these files change their 3-digit ending and the prior ones can then be deleted.
I tried Avast, AVG, Avira, Spy sweeper, Spyware Doctor and none has been able to delete the intrusion or even detect it specifically except Avast.
Any help in solving this would be greatly appreciated. I've run out of ideas save transferring essential files and re-formatting the hard drive.
thanks for any help.
|
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1813 Location: Japan
|
Posted: Wed Oct 31, 2007 3:07 am Post subject: |
|
|
Welcome to the CC forum.
While this is not a "phish" per se, it seems to be some malware infection, or remnants of it.
To remove files that seem blocked by other applications, try to boot into Safe Mode, then delete the file(s) from there. See the first part of this article for more information on Safe Mode: http://support.microsoft.com/kb/316434
If this does not resolve your problem, please post again to receive more help.
|
artfox
Cadet

 Joined: Oct 30, 2007 Posts: 4 Location: USA
|
Posted: Thu Nov 01, 2007 7:13 am Post subject: malware/phish intrusion part II |
|
|
Thanks very much for the safe mode suggestion. Once there I was able to delete the items to the trash bin. However, they all came back. I used a small application called Incinerator to "destroy" them; but they came back as noted below.
So I deleted the AVAST anti-virus application and then deleted the " _avast 4 " folder that was located in two locations (1) in Documents & Settings\myname\local settings\temp and (2) in WINDOWS\TEMP and this time the file webshlock.txt in the latter location has gone.
However, the "perflib_perfdata_XXX.dat" file still shows up and when I try to delete this it gives a msg that it is being used elsewhere and it can't be deleted. The XXX changes each time after I re-boot either when I am online or offline. A new 3-digit or alpha character shows up and the prior one is deletable as are a couple of .txt and .log files that also appear.
So if this is any help to explain the problem, I look forward to any further suggestions you have.
Thanks
|
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1813 Location: Japan
|
Posted: Thu Nov 01, 2007 7:47 am Post subject: |
|
|
The "perflib_perfdata_XXX.dat" files are created by performance monitoring programs; they are not malicious, and you can safely ignore them. They will disappear after a while, but be replaced by new ones.
Yes, they cannot be deleted, as they are in use by these monitoring programs that create and update them.
|
artfox
Cadet

 Joined: Oct 30, 2007 Posts: 4 Location: USA
|
Posted: Thu Nov 01, 2007 3:38 pm Post subject: |
|
|
Thanks very much for your reply and I very much appreciate your help. I'm glad I didn't go to extreme lengths to re-format the hard drive!!
"Arigato gosymu"
|
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1813 Location: Japan
|
Posted: Fri Nov 02, 2007 5:18 am Post subject: |
|
|
"Dō itashimashite" 
|
artfox
Cadet

 Joined: Oct 30, 2007 Posts: 4 Location: USA
|
Posted: Fri Nov 02, 2007 6:26 pm Post subject: |
|
|
As a final post on this subject, I did find a freeware program called FileAssassin that will unlock the file and then permit the unlocked file to be deleted.
However, the .dat file does come back.