matthewk Posted November 24, 2007 Posted November 24, 2007 Hey guys,I had this trojan that created itself along with an autorun.inf on all drives (and all usb removable drives that were inserted into my pc). I have one hard disk that is partitioned into c: and d: , and I formatted and reinstalled windows on c:\ thinking it would clear it up. Oddly enough, when I had winxp reloaded, d: still had the exe and autorun.inf there. So, it corrupted my windows install/process list when I viewed my d: drive.To get rid of it, I opened a dialog and checked the box to deny the writing of d: for the admins group and system. I left that open, and brought up the explorer window with d:\ showing the exe file and the autorun.inf file. I selected them both, deleted, and quickly hit apply on the permissions dialog box for d:\. So, the files didn't get recreated.I formatted c:, and reinstalled windows again, and now the two files and hidden process in windows is gone. The only problem is windows still has the denied permissions for writing to d:\ set (see img below). I was surprised that these permissions were still existing after a reinstall. Anyone have a solution for me? I believe the only thing remaining to do is restore my writing permissions for my admin&system groups.Thanks,Matthew K
Idontwantspam Posted November 24, 2007 Posted November 24, 2007 Permissions are stored in each file, folder or drive's Access Control List (ACL), which is NOT changed when you reinstall on a different partition, move the disk to another computer, etc. Therefore, the permissions you set remain even after a reinstall. Why not just restore permission? Is there a problem with doing so?
matthewk Posted November 24, 2007 Author Posted November 24, 2007 (edited) Why not just restore permission?How do I do that? I am logged in with the only admin user that I created when I reinstalled windows, and the box is grayed-out. Edited November 24, 2007 by matthewk
Idontwantspam Posted November 24, 2007 Posted November 24, 2007 Oh, I see. The problem is that when you reinstalled windows, you possibly got assigned a new SID. Meaning you don't own the drive. Take ownership of it. Click the owners tab, select the administrators group and click OK a few times. Close all the dialogs open, then try to give yourself permission again.
matthewk Posted November 24, 2007 Author Posted November 24, 2007 That worked, thanks a lot I actually tried it and didn't think that it worked. I just went back to try it again, and I noticed that they were available for me to get the permissions back. Thanks a lot for your replies.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now