[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

How can I delete a hidden Autorun.inf file? (virus)

Posted on 2010-04-09
11
Medium Priority
?
1,268 Views
Last Modified: 2013-12-04
Ive been battling a Conflicker infection. I've disabled Autoplay, system restore, etc and it would really help if I could delete these hidden autorun.inf files that are located on each mapped drive.

When I try the below, I get access denied:
del /a:rhs [driveletter]:autorun.inf

So is there a script I could build that would somehow give me ownership/permissions and delete the file?

Thanks in advance.
0
Comment
Question by:guitar_333
11 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 30214802
Access denied is either going to be permissions or attributes.  what does attrib autorun.inf show?  what about cacls autorun.indie to check permanently
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 30215298
Sorry keyboard trouble there! will look from pc in bit
0
 
LVL 4

Expert Comment

by:AnnOminous
ID: 30215316
If you *know* that the autorun.inf file is the only issue, then you could boot from an Ubuntu LiveCD and delete the files that way, as they will not be 'in use'.

I would strongly suggest that after you do that you install an AV like Microsoft Security Essentials and perform a full scan. Or just do it from the Ubuntu LiveCD. Or, ideally, both.
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
LVL 5

Expert Comment

by:abelenkiy
ID: 30217733
Use the attrib -h -r -s autorun.inf before running the del command.

Update and run TrojanRemover from http://www.simplysup.com 
Do the same with spybot right after.
0
 
LVL 22

Expert Comment

by:Ivano Viola
ID: 30217843
Malwarebytes has a tool included called File Assassin. If you install Malwarebytes you can use this tool to try delete the file. The tool can be found under the More Tools tab in Malwarebytes. It's worth a try.

You can also run a scan while your at it.
0
 
LVL 22

Expert Comment

by:optoma
ID: 30218057
I think flash Disinfector may help. Run it and see if it places a hidden autorun.inf folder on mapped drives.
Works on removable devices so no harm to cleanse those

On any device like that(removable) run flash Disinfector
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
-Download to desktop
-Run it
-Follow prompts
-When asked, plug in removable usb device
-It will prompt when scan is finished
-Repeat for next removable device

0
 
LVL 3

Accepted Solution

by:
Tech_Stig earned 1000 total points
ID: 30218432
Bring up Windows Explorer and choose [Tools]->[Folder Options].
Click on the view tab and choose "Show hidden files and folders." Then uncheck "Hide protected operating system files." Apply and OK. You should then be able to see the file in whatever drive.

Next browse to the file, right-click and [Properties]. Click the security tab then [Advanced]. Click on the owner tab and set yourself as the owner. Then click apply and ok. and then OK on the properties window.

Now you should have access to delete the file.

When you're done, be sure to at least re-enable the  "Hide protected operating system files" in Windows Explorer folder options.
0
 
LVL 4

Expert Comment

by:AnnOminous
ID: 30218529
Boot Ubuntu LiveCD and nuke the file. Neither permissions nor NTFS security will stand in your way.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 30219111
If this is on multiple drives/shares and not intended to be then it still comes down to before changing anything we need to know WHAT the current situation is, i.e.

attrib autorun.inf will return

ASH    c:\autorun.inf

and

cacls autorun.inf will return

computer\user:F
NT AUTHORITY\SYSTEM:F
BUILTIN\Administrators:F

etc.
Steve
0
 

Author Closing Comment

by:guitar_333
ID: 31712774
EXACTLY the answer I was looking for. I knew it was something as simple as this!!!!!

Thank you.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 30288443
So you did't want a SCRIPT then... like you asked for, just how to do it manually across each drive.....
Some feedback might be nice next time.

Steve
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

611 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question