How to Prevent Virus from Changing Read-Only and Hidden Attributes on Files and Folders?

January 17th, 2012 - 04:49 am ET by W
We have our Windows 2003 servers fairly locked down by NTFS, and when a user
browses the Internet they are logged in as an ordinary user with minimal
access to the file system. So imagine my horror to see that a virus was
able to change every single file and folder on the file system to be
read-only and hidden, apparently using the attributes for files that are
affected by the ATTRIB command-line command.

Is the ability to use ATTRIB controlled by NTFS permissions? Or is this
the Write Attributes permission in NTFS? Unfortunately we probably did
enable that because it was generating too many false positive audit
messages.

The command

attrib -h -r *.* /s /d

apparently does NOT affect all folders under the current folder. Is there
a command that can be used that would change every file and folder from the
current location and down all subtrees?

Is there any utility that would restore any critical system files and
folders to their original attributes?

W

Replies

#1 Char Jackson
January 17th, 2012 - 12:56 pm ET
On Tue, 17 Jan 2012 01:49:56 -0800, "W" wrote:

> We have our Windows 2003 servers fairly locked down by NTFS, and when a user
> browses the Internet they are logged in as an ordinary user with minimal
> access to the file system. So imagine my horror to see that a virus was
> able to change every single file and folder on the file system to be
> read-only and hidden, apparently using the attributes for files that are
> affected by the ATTRIB command-line command.
>
> Is there any utility that would restore any critical system files and
> folders to their original attributes?

It sounds like you might need a tool called unhide.exe.
<http://www.bleepingcomputer.com/for...9.html>
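
An added example, not part of the thread and not any poster's code: one way to do the recursive attribute reset asked about in the original post, and to list which accounts hold Write Attributes on a folder, in PowerShell. The `$Root` default is a placeholder path, and skipping items flagged System is an assumption about what should stay hidden.

```powershell
# Added example, not from the thread. Assumes PowerShell is installed on
# the server; the default $Root is a placeholder path.
param(
    [string]$Root = 'D:\Data',
    [switch]$Apply   # without -Apply, nothing is modified
)

$FA   = [System.IO.FileAttributes]
$Mask = [int]$FA::Hidden -bor [int]$FA::ReadOnly

# 1. Clear Hidden/ReadOnly on every file and folder under $Root.
#    -Force makes Get-ChildItem return hidden items as well.
$changed = 0
Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $attrs = [int]$_.Attributes
        # Assumption: items flagged System (protected OS files) are meant
        # to stay hidden, so they are left untouched.
        if ($attrs -band [int]$FA::System) { return }
        if (($attrs -band $Mask) -eq 0)    { return }
        if ($Apply) {
            # Keep every other flag (Directory, Archive, ...) as it was.
            $_.Attributes = [System.IO.FileAttributes]($attrs -band (-bnot $Mask))
        } else {
            Write-Output ("would clear: {0}" -f $_.FullName)
        }
        $changed++
    }
Write-Output ("{0} item(s) had Hidden or ReadOnly set" -f $changed)

# 2. List Allow ACEs on $Root that grant WriteAttributes, the NTFS right
#    needed to change these flags (it is included in Write and Modify).
$WA = [System.Security.AccessControl.FileSystemRights]::WriteAttributes
(Get-Acl -Path $Root).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   ([int]$_.FileSystemRights -band [int]$WA) } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

Run it once without `-Apply` to review the list of affected paths, then again with `-Apply` to make the change.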
