khairulaizat92
Posted October 1, 2017

Dear Forumers,

First of all, thanks for helping.

First, ESET has successfully detected this type of malware and successfully removed the malware. Which is nice, but the damage has been done. The client's files of course have been hidden, which can be easily fixed by using the cmd command "attrib -s -h -r /s /d *.*". With that we can find the client files and folders again, but the files or folders that exist in it cannot be copied in, or copied out of the folder the malware used to hide the files, or copied out of the thumb drive.

So my question is, is there anything I could do to fix the damage done by this malware? I can recover the client's files by using Ubuntu to move the files out of the folder and delete the "System Volume Information" files and other files created by the malware. But that will need a lot of just to recover the client's files. Is there any fix that anyone could suggest?

I have the full sample of the malware if you want to test it in a controlled environment.

"System Volume Information" files are hidden. And also other nameless files.

itman
Posted October 1, 2017

3 hours ago, khairulaizat92 said:
> With that we can find the client files and folders again, but the files or folders that exist in it cannot be copied in, or copied out of the folder the malware used to hide the files, or copied out of the thumb drive.

This sounds like a permissions issue. If you can't manually set new permissions using Win Explorer, you can use icacls from the command line, script, PowerShell, etc. to do so: https://ss64.com/nt/icacls.html
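
A sketch of the attrib and icacls steps from the two posts above as a single script. It is an added example, not code from either poster or from ESET. It assumes the malware has already been removed, that the drive letter is passed in as the hypothetical `-DriveLetter` parameter, and that it runs from an elevated PowerShell prompt.

```powershell
# Added example: reset attributes and, on NTFS only, ownership and ACLs
# on a removable drive that has already been cleaned by the AV product.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z]$')]
    [string]$DriveLetter   # assumed letter of the thumb drive, e.g. E
)

$root  = "${DriveLetter}:\"
$drive = New-Object System.IO.DriveInfo($DriveLetter)
if (-not $drive.IsReady) { throw "Drive $root is not ready." }

# 1. Clear the System/Hidden/Read-only attributes, as in the first post.
& attrib.exe -s -h -r "$root*.*" /s /d

# 2. ACLs exist only on NTFS. FAT32/exFAT drives have none, so icacls
#    has nothing to repair there and the cause must be something else.
if ($drive.DriveFormat -ne 'NTFS') {
    Write-Host "$root is $($drive.DriveFormat): no ACLs to repair."
    return
}

# 3. Take ownership of each top-level item, reset its ACLs to the
#    inherited defaults, then grant the current user full control.
$me = "$env:USERDOMAIN\$env:USERNAME"
Get-ChildItem -LiteralPath $root -Force |
    Where-Object { $_.Name -ne 'System Volume Information' } |
    ForEach-Object {
        if ($_.PSIsContainer) {
            & takeown.exe /f $_.FullName /r /d y | Out-Null
        } else {
            & takeown.exe /f $_.FullName | Out-Null
        }
        & icacls.exe $_.FullName /reset /t /c /q
        & icacls.exe $_.FullName /grant "${me}:(OI)(CI)F" /t /c /q
    }
```

The file-system check matters because many thumb drives are formatted FAT32 or exFAT, where a copy failure cannot be an ACL problem.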

khairulaizat92
Posted October 9, 2017

On 10/1/2017 at 9:09 PM, itman said:
> This sounds like a permissions issue. If you can't manually set new permissions using Win Explorer, you can use icacls from the command line, script, PowerShell, etc. to do so: https://ss64.com/nt/icacls.html

This is nice, however, this has to be done by an expert etc. And I did indeed try some of the commands, but it seems they do not work. Any other suggestion that can be easily used even by a beginner to repair the damage done by this malware?