Delete Individual Files on NS6000 NAS

Posted on 2010-09-12
Last Modified: 2013-12-02
I have a virus which has wormed itself into my network. The virus has created folders called 'Recycler' and 'Info' and inside is a .jpg.exe file which when users run it will install on all networked users pc's and all network drives. It also has an autorun.ini which picks it up when you open the drive through the my computer console.
It has installed itself on a couple of the NAS shares and has provided read only access to all users apart from one who has read-write access (I assume he ran the file last). Noone has delete access to this file. I dont know how I can remove these files from the NAS. If I logon as the administrator and try and change permissions I get "Access denied" and if I try just a delete i also get "Access Denied"
Any suggestions?
Question by:Zane80
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3

Accepted Solution

kenycl earned 500 total points
ID: 33659585
at this very point i would suggest scanning your FIle with a antivirus scanner eset or something similar.
at this point i would also suggestion not to logon as an administrator so that it does not have as much privileged to write elsewhere that you may not want it to.

do the scan after hours when no one is using any files and are logged out.

hope you get ride of the virus asap before it hits your OS and courses more trouble for you.

Author Comment

ID: 33659637
Nope. I have tried this. The virus scanner cannot delete the file either "access denied" I am using Symantec professional.

The virus frequently was spreading through all network drives and has infected most local computers. I have disabled all users access to root directories of network shares and I have also disabled auto run on all computers (using group policies).

I have deleted the files off all the PC shares but cannot delete off the NAS due to access issues.

Assisted Solution

kenycl earned 500 total points
ID: 33659650
presuming the user you use has domain admin access?

what shows as the file owner when you right click on the file and go into security and advanced see if you can change it to yourself and delete that particular one file first.
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users


Author Comment

ID: 33659692
Yes. I have full admin access under both my account and the administrator account.
I tried changing the permisssions with no luck.

The owner is a user called Patrick. His rights have been removed and he is not able to delete this file either.

Author Comment

ID: 33659701

Author Comment

ID: 33668046
Any suggestions for this?

Assisted Solution

kenycl earned 500 total points
ID: 33668088
the other option i can think of is the lenght of the path is longer than 24.

is the length of the path quite long?

you could try mapping the older to a drive and access and delete that way and try.

sorry im not too sure what else you can do, any guru out there that could help please?

Author Comment

ID: 33668132
The path is \BOSWNNAS01\info\Vanja.jpg.exe and an autorun.ini
it is mapped to R:\info\Vanja.jpg.exe

I have disabled the virus from spreading as I was able to delete R:\autorun.ini (dont know how) and I have disabled autorun on all pc's and stopped access to root directory on shared drives.

This virus spread accross every drive including flash drives and has likely affected home computers.I created a batch script for users to run which will delete the main virus. I have also deleted it off the file server's just not the NAS

Author Closing Comment

ID: 33880813
User very helpful. Ended up removing files off NAS and formatting partition.

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I previously wrote an article addressing the use of UBCD4WIN and SARDU. All are great, but I have always been an advocate of SARDU. Recently it was suggested that I go back and take a look at Easy2Boot in comparison.
Determining the an SCCM package name from the Package ID
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question