File Under Technology Category/ies

How To Delete the Hidden Files of the Resik Worm?

Updates via email... Enter your email address:

This is actually part of my post on how to remove the Worm@W32.Resik worm from your PC or Flash Drive. Our visitor who send us an email yesterday, sent us again an email asking me the instructions on how to delete manually the hidden files of the Resik worm.

Yesterday, I posted the instruction on how to view the hidden files created by this worm because they couldn’t be viewed by simply changing the VIEW option of the Windows explorer.

So, since these files can only be viewed in DOS, we can also delete this files at DOS.

However, these files can’t be deleted by immediately deleting them using the DEL command because their attributes are set to hidden and read only. In other words, we should change their attribute first before we can delete them. And here’s how:

  1. Assuming that you already had opened the DOS interface (see our previous post how… step 1)
  2. Change the directory to the Windows system directory by typing at the DOS prompt, “cd c:\windows\system32\” without quote and press ENTER.
  3. Type “attrib inetsrv* -r -s -h” without quote and press ENTER. This DOS command changes the attribute of the files in which their filenames begin with “inetsrv” into minus readonly (-r), minus system (-s), and minus hidden (-h). In other words, these files will be made as not read-only, not system and not hidden files.
  4. To verify if their attributes have been changed already, type at the DOS prompt “attrib inetsrv*” without quote and press ENTER. The DOS will tell you the files’ corresponding attributes whether A for Archive, H for Hidden, R for Read-Only and S for System.
  5. Now, if these files are already with minus hidden attribute and minus read-only attribute, then you can now delete them by typing “del inetsrv*” without quote and press ENTER. If the DOS will ask you whether to delete them all just press Y to confirm the deletion command.
  6. The steps 3, 4 and 5 should be done also when deleting the autorun.inf at the root directory of your Flash Drive, and Voinfo* and Driveinfo* at the directory “Recycled” of your Flash drive. Just replace the INETSRV with VOINFO or DRIVEINFO.

If you still meet problems in deleting them, email me again or just drop your message at our comment section.

Automatically receive updates via email...
Enter your email address:
Delivered by FeedBurner
Save to del.icio.usStumble It!Submit To NetscapeDigg This!
Posted by SELaplana, 27 March 2007 at Technology (No. of Views: 5998)

Comments

3 Responses to “How To Delete the Hidden Files of the Resik Worm?”

  1. No MyBlogLog Account
    1
    Beware of Key Logger residing on your Flash Drive » SELaplana Says:

    [...] How To Delete the Hidden Files of the Resik Worm? Save to del.icio.us • Stumble It! • Submit To Netscape • Digg This! Enter your email address to Subscribe: [...]

  2. No MyBlogLog Account
    2
    Nepotrebni Says:

    NOTE: You have written the attrib comand name wrong in some lines of the how to del the Win32 worm tutorial. You wrote attribe.

  3. No MyBlogLog Account
    3
    SELaplana Says:

    hello. thank you so much for informing about my errors

Leave a Reply

Search Lyrics by Artists: 0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z