qualityip
asked on
Find files by owner in Windows after virus attack
We have a terminal server that was infected by a Trojan. The trojan changed ownership of several thousand files to the infected and corrupted the data.
Is there a way we can search for files in Windows that will show the FULL PATH of the files owned by a specific user?
Is there a way we can search for files in Windows that will show the FULL PATH of the files owned by a specific user?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1) Why haven't you simply restored the files from their last known good backup? Anything that has been touched by an unauthorized third-party (in your case, a trojan) cannot be trusted.
2) With some backup programs, such as BackupExec, it is possible to set a restore job where BackupExec only restores the permissions to files already located on the server, based on the permissions that it backed up in a previous job. If you don't use BackupExec, check with your vendor's documentation to see if they support this type of function.
3) Ownership is really a permission that ought not be granted to individual users, because ownership allows that owner to set whatever permissions they wish to those files or folders, irrespective of IT's intentions. I would simply go into the root folder and set Administrators group as the owner and apply that permission to all the child objects. This would be the quickest way to resolve the ownership issue.
Of course, I would only be this cavalier with user-created data... not system-created data.
Good luck.