How can I delete a hidden Autorun.inf file? (virus)

Ive been battling a Conflicker infection. I've disabled Autoplay, system restore, etc and it would really help if I could delete these hidden autorun.inf files that are located on each mapped drive.

When I try the below, I get access denied:
del /a:rhs [driveletter]:autorun.inf

So is there a script I could build that would somehow give me ownership/permissions and delete the file?

Thanks in advance.
guitar_333Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steve KnightIT ConsultancyCommented:
Access denied is either going to be permissions or attributes.  what does attrib autorun.inf show?  what about cacls autorun.indie to check permanently
0
Steve KnightIT ConsultancyCommented:
Sorry keyboard trouble there! will look from pc in bit
0
AnnOminousCommented:
If you *know* that the autorun.inf file is the only issue, then you could boot from an Ubuntu LiveCD and delete the files that way, as they will not be 'in use'.

I would strongly suggest that after you do that you install an AV like Microsoft Security Essentials and perform a full scan. Or just do it from the Ubuntu LiveCD. Or, ideally, both.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

abelenkiyCommented:
Use the attrib -h -r -s autorun.inf before running the del command.

Update and run TrojanRemover from http://www.simplysup.com 
Do the same with spybot right after.
0
Ivano ViolaSystem AdministratorCommented:
Malwarebytes has a tool included called File Assassin. If you install Malwarebytes you can use this tool to try delete the file. The tool can be found under the More Tools tab in Malwarebytes. It's worth a try.

You can also run a scan while your at it.
0
optomaCommented:
I think flash Disinfector may help. Run it and see if it places a hidden autorun.inf folder on mapped drives.
Works on removable devices so no harm to cleanse those

On any device like that(removable) run flash Disinfector
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
-Download to desktop
-Run it
-Follow prompts
-When asked, plug in removable usb device
-It will prompt when scan is finished
-Repeat for next removable device

0
Tech_StigCommented:
Bring up Windows Explorer and choose [Tools]->[Folder Options].
Click on the view tab and choose "Show hidden files and folders." Then uncheck "Hide protected operating system files." Apply and OK. You should then be able to see the file in whatever drive.

Next browse to the file, right-click and [Properties]. Click the security tab then [Advanced]. Click on the owner tab and set yourself as the owner. Then click apply and ok. and then OK on the properties window.

Now you should have access to delete the file.

When you're done, be sure to at least re-enable the  "Hide protected operating system files" in Windows Explorer folder options.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AnnOminousCommented:
Boot Ubuntu LiveCD and nuke the file. Neither permissions nor NTFS security will stand in your way.
0
Steve KnightIT ConsultancyCommented:
If this is on multiple drives/shares and not intended to be then it still comes down to before changing anything we need to know WHAT the current situation is, i.e.

attrib autorun.inf will return

ASH    c:\autorun.inf

and

cacls autorun.inf will return

computer\user:F
NT AUTHORITY\SYSTEM:F
BUILTIN\Administrators:F

etc.
Steve
0
guitar_333Author Commented:
EXACTLY the answer I was looking for. I knew it was something as simple as this!!!!!

Thank you.
0
Steve KnightIT ConsultancyCommented:
So you did't want a SCRIPT then... like you asked for, just how to do it manually across each drive.....
Some feedback might be nice next time.

Steve
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.