Help recovering folder names after virus found - w32.changeup

BokehBokeh Member Posts: 1,636 ■■■■■■■□□□
Symantec caught this one, and using attrib -r-h-s drive\folder name I was able to restore some of the folders. I still have some that will not come back, and since they are long folder names, cannot run them from the command prompt. People can still get to the files if they are in their recent documents, but if there is one file they have not opened in a while they have a bit of difficulty getting to it. Does anyone have any suggestions?

Comments

  • BloogenBloogen Member Posts: 180 ■■■□□□□□□□
    I am not familiar with you particular issue but I have had had success deleting/renaming problematic long filenames by using a UNC path instead of a local path.

    Instead of:
    C:\Users\User\Documents\document.txt

    Rename the file from:

    \\Computername\c$\Users\User\Documents\document.txt
  • kriscamaro68kriscamaro68 A+, Net+, Server+, Security+, Win7 MCP, Server 2012 Virtualization Specialist, MCSA 2012 Member Posts: 1,186 ■■■■■■■□□□
    If you know that the files/folders are still their but having issues finding them do to the malware still causing issues try pulling the hd out and hooking it up to another computer and grab the files/folders that way.
  • JBrownJBrown Member Posts: 308
    We just got hit with that [email protected] ourselfs. this is what helped us:
    Take ownership of the folder, assign Full Privileges to yourself and of course cmd to the folder and
    attrib *.* /d /s -s -h -r
    apparently the -s and -h sequence does mater.

    Hope it helps.
  • ClaymooreClaymoore Member Posts: 1,637
    Try running attrib from inside a powershell window. You can run DOS commands in posh, some posh cmdlets are even aliased as old DOS commands, and posh won't care about the long file names. You could also use posh to reset the hidden and read-only attributes, but attrib inside posh has worked for me in these situations.
Sign In or Register to comment.