WellingtonIS
asked on
Crypto Virus
I have 2 folders that I know are infected with Crypto Ransom Virus. The shares have been stopped and computers disconnected. I'm desperately trying to delete these folders, but I can't. Please help.
Have you tried an offline/parallel boot? You could use a live Linux distro like Knoppix, or you could boot with the Windows recovery disk/installation media and access a command prompt.
ASKER
I can get to the command prompt; I just can't delete the files or folder.
What stops you? Do you get an error message?
Have you tried using the cacls command?
Can you cd into the directory or do you get access denied?
icacls "C:\DIRECTORY" /grant everyone:F
ASKER
I'm getting access denied when I try to delete from the command prompt.
What is the drive and directory name? I'll give you the icacls command to run.
ASKER
d:\welshare\hr and humanres. What will this command do?
icacls "d:\welshare\hr" /grant everyone:F (this should get you into the dir)
then
d: (Change to d drive)
cd\welshare\hr (change to directory)
cacls *.* /g everyone:F
attrib *.* -s -h -r
repeat for the other directory
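The steps in the answer above, collected into one batch file as an added example that is not part of the original thread. It assumes an elevated command prompt on the server, uses the two folder names given by the asker, and grants access to the built-in Administrators group (by its well-known SID) instead of Everyone; `takeown`'s `/D Y` answer is locale-specific and assumes an English system.

```batch
@echo off
rem Added example (not from the thread): take ownership, grant access,
rem clear attributes, then delete each folder without opening any file in it.
setlocal

rem Folder names are the ones given in the thread.
for %%D in ("D:\welshare\hr" "D:\welshare\humanres") do call :purge "%%~D"
endlocal
exit /b 0

:purge
if not exist "%~1\" (
    echo Skipping %~1 ^(not found^)
    exit /b 0
)
echo Processing %~1
rem 1. Take ownership recursively; /D Y answers the prompt shown for
rem    subfolders the current user cannot list.
takeown /F "%~1" /R /D Y >nul
rem 2. Grant full control to BUILTIN\Administrators (SID S-1-5-32-544),
rem    inherited by files (OI) and subfolders (CI); /T recurses and
rem    /C continues past individual errors.
icacls "%~1" /grant *S-1-5-32-544:(OI)(CI)F /T /C >nul
rem 3. Clear system, hidden and read-only on everything below the folder.
attrib -s -h -r "%~1\*.*" /S /D
rem 4. Remove the whole tree quietly.
rd /S /Q "%~1"
if exist "%~1\" (
    echo FAILED to remove %~1
    exit /b 1
)
echo Removed %~1
exit /b 0
```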
ASKER
But if I do that, won't the virus infect everything else?
ASKER
I'm deleting these two files because they are infected. I shut them down and need to get them off the server.
The two files, one is in each directory, right?
Also, what are the file names?
ie
D:\welshare\hr\cyrpto.doc
D:\welshare\humanres\crypto.doc
I need the full path
You do have access to the directories, right?
ASKER
Don't know. I don't want to access the folders.
I'm afraid if I access I'll infect everything. The PC which had rights to these folders was infected.
ASKER
I'm downloading AVAST now.
ASKER
OK, how do I change attributes on the file and folders in there? There's a folder called HUMANRES; inside is a folder called NANCY, and I need to delete that and I cannot.
Sweet!
I recommend using the boot-time scan function on AVAST one last time. You can't trust Windows anymore. Malware, for lack of a better word, is never clean after one pass from one AV, IMO. Download and install Malwarebytes too. You can get it from www.filehippo.com
Good luck!
ASKER
Thanks. Will do.
ASKER
I figured out that if I can get the file moved, then I can delete it, which basically is what I did. Then I followed the directions and scanned and made sure nothing else was infected. Thank you all for your comments.