PendMoves and MoveFile
Publisher's description
Schedule file rename and delete commands for the next reboot. This can be useful for cleaning stubborn or in-use malware files.
There are several applications, such as service packs and hotfixes, that must replace a file that's in use but are unable to do so. Windows therefore provides the MoveFileEx API to rename or delete a file, and it allows the caller to specify that the operation should take place the next time the system boots, before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value.
This applet dumps the contents of the pending rename/delete value and also reports an error when the source file is not accessible. Here is example output that shows a temporary installation file is scheduled for deletion at the next reboot:
Copyright (C) 2004 Mark Russinovich
Sysinternals - wwww.sysinternals.com
The included MoveFile utility allows you to schedule move and delete commands for the next reboot:
usage: movefile [source] [dest]
Specifying an empty destination ("") deletes the source at boot.
An example that deletes test.exe is:
movefile test.exe ""
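
For offline review of the PendingFileRenameOperations value described above (for example, data exported from a registry hive), the following added example parses the raw value into delete and rename operations; it is not code from Sysinternals or from this page. It relies on the Windows storage layout, which the page does not spell out: a UTF-16LE REG_MULTI_SZ of source/destination pairs, each path prefixed with `\??\`, an empty destination meaning delete, and a leading `!` on the destination marking replace-existing. The sample data and the System32 review heuristic are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

NT_PREFIX = "\\??\\"  # NT object-manager prefix Windows stores on each path

@dataclass
class PendingOp:
    action: str              # "delete" or "rename"
    source: str
    dest: Optional[str]      # None for a delete
    replace_existing: bool   # destination carried the "!" marker

def _strip_nt(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_pending_ops(raw: bytes) -> List[PendingOp]:
    """Parse raw REG_MULTI_SZ bytes (UTF-16LE) into source/destination pairs."""
    parts = raw.decode("utf-16-le").split("\0")
    if parts[-1] == "":
        parts.pop()                      # text after the last NUL is always empty
    if len(parts) % 2 == 1 and parts[-1] == "":
        parts.pop()                      # list terminator, not an empty destination
    if len(parts) % 2:
        raise ValueError("source without a destination entry")
    ops = []
    for src, dst in zip(parts[0::2], parts[1::2]):
        if not src:
            raise ValueError("empty source path")
        if dst == "":                    # empty destination = delete at boot
            ops.append(PendingOp("delete", _strip_nt(src), None, False))
            continue
        replace = dst.startswith("!")
        target = dst[1:] if replace else dst
        ops.append(PendingOp("rename", _strip_nt(src), _strip_nt(target), replace))
    return ops

def system_dir_targets(ops: List[PendingOp]) -> List[PendingOp]:
    """Review heuristic (assumption): operations touching \\Windows\\System32."""
    needle = "\\windows\\system32\\"
    return [o for o in ops
            if needle in o.source.lower() or (o.dest and needle in o.dest.lower())]

# Constructed sample: one delete, one replace-existing rename, list terminator.
SAMPLE = "".join(s + "\0" for s in [
    "\\??\\C:\\Temp\\setup1.tmp", "",
    "\\??\\C:\\Temp\\new.dll", "!\\??\\C:\\Windows\\System32\\old.dll",
]).encode("utf-16-le") + "\0".encode("utf-16-le")

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE):
        print(op)
```

The parser works on the raw bytes because an empty destination is indistinguishable from the list terminator once the value has been split into strings by a registry API.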
System Requirements:
Runs on:
* Client: Windows XP and higher.
* Server: Windows Server 2003 and higher.
Program Install Support: Install and Uninstall