Help recovering folder names after virus found - w32.changeup

Symantec caught this one, and using attrib -r-h-s drive\folder name I was able to restore some of the folders. I still have some that will not come back, and since they are long folder names, cannot run them from the command prompt. People can still get to the files if they are in their recent documents, but if there is one file they have not opened in a while they have a bit of difficulty getting to it. Does anyone have any suggestions?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Bloogen

I am not familiar with you particular issue but I have had had success deleting/renaming problematic long filenames by using a UNC path instead of a local path.

Instead of:
C:\Users\User\Documents\document.txt

Rename the file from:

\\Computername\c$\Users\User\Documents\document.txt

sratakhin

Try this:
Unhide Download

kriscamaro68

If you know that the files/folders are still their but having issues finding them do to the malware still causing issues try pulling the hd out and hooking it up to another computer and grab the files/folders that way.

JBrown

We just got hit with that cr@p ourselfs. this is what helped us:
Take ownership of the folder, assign Full Privileges to yourself and of course cmd to the folder and
attrib *.* /d /s -s -h -r
apparently the -s and -h sequence does mater.

Hope it helps.

Claymoore

Try running attrib from inside a powershell window. You can run DOS commands in posh, some posh cmdlets are even aliased as old DOS commands, and posh won't care about the long file names. You could also use posh to reset the hidden and read-only attributes, but attrib inside posh has worked for me in these situations.