Jump to content

Archived

This topic is now archived and is closed to further replies.

khairulaizat92

Win32/Spy.AHK.T Trojan

Recommended Posts

Dear Forumers, First of all thanks for helping.

First ESET has successfully detect this type of malware and successfully removed the malware.

Which is nice, but the damage has been done.

The clients file of course has been hidden, which can be easily fix by using cmd command "attrib -s -h -r /s /d *.*"

Which we can find again the client files and folder but the files or folder exist in it cannot be copied in, or copied out of the folder the malware used to hide the files or copied out of the thumbdrive.

So my question is, is there in anyway i could do to fix this damage done by this malware?


I can recover the clients files by using Ubuntu to move the files out of the folder and delete the "System Volume Information" Files and other files created by the malware. But that will need a lot of just to recover the clients files. Is there any fix that anyone could suggest?  I have the full sample of the malware if you want to test it on controlled environment.

"System Volume Information" files are hidden. And also another nameless files.

59d0b4134398c_Sample1.thumb.PNG.2c9473d621aed367f98971c79d842942.PNG

 

Share this post


Link to post
Share on other sites
3 hours ago, khairulaizat92 said:

Which we can find again the client files and folder but the files or folder exist in it cannot be copied in, or copied out of the folder the malware used to hide the files or copied out of the thumbdrive.

This sounds like a permissions issue. If you can't manually set new permissions using Win Explorer, you can use icacls from the command line, script, Powershell, etc. to do so: https://ss64.com/nt/icacls.html

Share this post


Link to post
Share on other sites
On 10/1/2017 at 9:09 PM, itman said:

This sounds like a permissions issue. If you can't manually set new permissions using Win Explorer, you can use icacls from the command line, script, Powershell, etc. to do so: https://ss64.com/nt/icacls.html

This is nice, however, this had to be done by an expert etc. And i indeed try some of the command but it seems does not work. Any other suggestion that can be easily used even by beginner to repair the damage done by this malware?

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...