Solved

SCRIP TO DELETE

Posted on 2004-04-12
5
1,387 Views
Last Modified: 2007-12-19
I use win xp I scan virus ,below is the list of file that infected it can not delete I go to safe mode it can not delete , If I connect this hardisk in linux machine , How can I write script to delete those file .
THANK  




E:\SOUNDMX.EXE Trojan horse Startpage.DM
E:\WINDOWS\MSSYS.EXE Trojan horse Downloader.Donn.N
E:\WINDOWS\PRECON~1.EXE Trojan horse Startpage.3.BH
E:\WINDOWS\E69JG3~1.EXE Trojan horse Startpage.3.BH
E:\WINDOWS\FVPROT~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\USERCO~1.DLL Virus identified I-Worm/Netsky.Q
E:\WINDOWS\FNTLDR.EXE Trojan horse Startpage.DM
E:\WINDOWS\312766.EXE Trojan horse Downloader.Nex.B
E:\WINDOWS\SYSTEM32\MTWIRL32.DLL Trojan horse Startpage.EM
E:\WINDOWS\SYSTEM32\OLEHELP.EXE Trojan horse Startpage.EN
E:\WINDOWS\SYSTEM32\MSREXE.EXE Trojan horse BackDoor.Jeemp.A
E:\WINDOWS\SYSTEM32\SYS.EXE Trojan horse Downloader.Delf.BD
E:\WINDOWS\SYSTEM32\SOUNDMX.EXE Trojan horse Startpage.DM
E:\WINDOWS\SYSTEM\121711.EXE Trojan horse Dialer
E:\WINDOWS\PREFETCH\IEXPLO~1.PF Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\KAZAAL~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRITNE~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\KAZAAN~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRITNE~2.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HARRYP~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRITNE~3.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HARRYP~2.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRITNE~4.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HARRYP~3.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR3060~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HARRYP~4.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRD650~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HAE5A9~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR44F8~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\HA4AE6~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR5D6C~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\MATRIX~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BRB645~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR6712~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMINEM~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\BR73F6~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMINEM~2.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMINEM~3.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMINEM~4.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EM3951~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\RINGTO~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMC49B~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\RINGTO~2.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EMD815~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\ALTKIN~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\EM50BD~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\AMERIC~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\CLONIN~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\SADDAM~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\ARNOLD~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\WINDOW~1.EXE Virus identified I-Worm/Netsky.Q
E:\WINDOWS\PCHEALTH\UPLOADLB\WINDOW~2.EXE Virus identified I-Worm/Netsky.Q
0
Comment
Question by:teera
  • 3
  • 2
5 Comments
 
LVL 7

Assisted Solution

by:troopern
troopern earned 120 total points
ID: 10804037
the first question is, are you using NTFS or FAT32 as filesystem ?
If you are using NTFS you don't want to try using ntfs write support since it's quite unstable so far.

have you tried booting up with the XP install cd to use recovery console ? from this console you might be able to remove these worm files.
0
 
LVL 45

Accepted Solution

by:
sunnycoder earned 230 total points
ID: 10804041
Hi teera,

mount the drive
1. create a directoy to mount the drive
2. give mount command mount -t FAT32 /dev/hda3 /mount/directory

to remove files
1. sed 's:E\::mount/directory:' filelist .... to form complete path
2. cat filelist | while read name
   do
          rm $name
   done

Sunnycoder
0
 
LVL 7

Assisted Solution

by:troopern
troopern earned 120 total points
ID: 10804646
sunnycoder, that script would work just fine, if it is a FAT32 system. if it's a NTFS system it's not that easy.
0
 
LVL 45

Assisted Solution

by:sunnycoder
sunnycoder earned 230 total points
ID: 10804740
I agree ... NTFS support was not complete till 2.4  ... Did not check for 2.6
But FAT32 must not be a problem
0
 
LVL 7

Assisted Solution

by:troopern
troopern earned 120 total points
ID: 10805251
In 2.6 it's more complete than in 2.4, but it's not entirely stable on the write support side.
It can mess upp the entire disk since the rights issues are not compltely solved as far as I know.

A FAT system is no problem at all to handle in Linux.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
linux apache localhost dev laptop 5 48
Linux Scripting 3 102
cannot connect to openvpn server 9 60
VirtualBox in Fedora 25 Linux:  Unable to Install OS 11 149
Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now