Solved

SCRIP TO DELETE

Posted on 2004-04-12
5
1,383 Views
Last Modified: 2007-12-19
I use win xp I scan virus ,below is the list of file that infected it can not delete I go to safe mode it can not delete , If I connect this hardisk in linux machine , How can I write script to delete those file .
THANK  




E:\SOUNDMX.EXE Trojan horse Startpage.DM
E:\WINDOWS\MSSYS.EXE Trojan horse Downloader.Donn.N
E:\WINDOWS\PRECON~1.EXE Trojan horse Startpage.3.BH
E:\WINDOWS\E69JG3~1.EXE Trojan horse Startpage.3.BH
E:\WINDOWS\FVPROT~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\USERCO~1.DLL Virus identified I-Worm/Netsky.Q
E:\WINDOWS\FNTLDR.EXE Trojan horse Startpage.DM
E:\WINDOWS\312766.EXE Trojan horse Downloader.Nex.B
E:\WINDOWS\SYSTEM32\MTWIRL32.DLL Trojan horse Startpage.EM
E:\WINDOWS\SYSTEM32\OLEHELP.EXE Trojan horse Startpage.EN
E:\WINDOWS\SYSTEM32\MSREXE.EXE Trojan horse BackDoor.Jeemp.A
E:\WINDOWS\SYSTEM32\SYS.EXE Trojan horse Downloader.Delf.BD
E:\WINDOWS\SYSTEM32\SOUNDMX.EXE Trojan horse Startpage.DM
E:\WINDOWS\SYSTEM\121711.EXE Trojan horse Dialer
E:\WINDOWS\PREFETCH\IEXPLO~1.PF Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\KAZAAL~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRITNE~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\KAZAAN~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRITNE~2.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HARRYP~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRITNE~3.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HARRYP~2.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRITNE~4.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HARRYP~3.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR3060~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HARRYP~4.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRD650~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HAE5A9~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR44F8~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HA4AE6~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR5D6C~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\MATRIX~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRB645~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR6712~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMINEM~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR73F6~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMINEM~2.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMINEM~3.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMINEM~4.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EM3951~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\RINGTO~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMC49B~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\RINGTO~2.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMD815~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\ALTKIN~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EM50BD~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\AMERIC~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\CLONIN~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\SADDAM~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\ARNOLD~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\WINDOW~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\WINDOW~2.EXE Virus identified I-Worm/Netsky.Q
0
Comment
Question by:teera
  • 3
  • 2
5 Comments
 
LVL 7

Assisted Solution

by:troopern
troopern earned 120 total points
Comment Utility
the first question is, are you using NTFS or FAT32 as filesystem ?
If you are using NTFS you don't want to try using ntfs write support since it's quite unstable so far.

have you tried booting up with the XP install cd to use recovery console ? from this console you might be able to remove these worm files.
0
 
LVL 45

Accepted Solution

by:
sunnycoder earned 230 total points
Comment Utility
Hi teera,

mount the drive
1. create a directoy to mount the drive
2. give mount command mount -t FAT32 /dev/hda3 /mount/directory

to remove files
1. sed 's:E\::mount/directory:' filelist .... to form complete path
2. cat filelist | while read name
   do
          rm $name
   done

Sunnycoder
0
 
LVL 7

Assisted Solution

by:troopern
troopern earned 120 total points
Comment Utility
sunnycoder, that script would work just fine, if it is a FAT32 system. if it's a NTFS system it's not that easy.
0
 
LVL 45

Assisted Solution

by:sunnycoder
sunnycoder earned 230 total points
Comment Utility
I agree ... NTFS support was not complete till 2.4  ... Did not check for 2.6
But FAT32 must not be a problem
0
 
LVL 7

Assisted Solution

by:troopern
troopern earned 120 total points
Comment Utility
In 2.6 it's more complete than in 2.4, but it's not entirely stable on the write support side.
It can mess upp the entire disk since the rights issues are not compltely solved as far as I know.

A FAT system is no problem at all to handle in Linux.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now