Thursday, March 03, 2005

 

Virus on my FTP server

Somehow a virus got onto my FTP server last week. Fortunately, it was caught and deleted straight away by Norton. What didn't go away was the set of bizarrely named directories under my FTP root.

What a pain these were. You can't delete them from Explorer or from a command prompt. I thought there might still be a rogue process running, so tried all sorts. Ran a virus check, a chkdsk, a Disk Doctor scan. Even ran ProcExp.exe from SysInternals to see if I could find the process locking the files.

After all this failed, I figured it was a file system problem. Either permissions or file names, or both. Turns out I was right: the files were on an NTFS volume and the names and permissions were scrambled.

In the end, here's what I did from Windows Explorer:

(1) Moved all the files from my FTP root folder (c:\FTProot) I wanted to keep somewhere else, leaving just the kak in there.

(2) Selected the top-level folder (c:\FTProot), right-clicked, selected Properties, went to the Security tab, clicked the Advanced button, went to the Owner tab.


AND HERE IS THE IMPORTANT BIT!

(3) The UI sucks here: it shows you who the current owner is, but you still need to select an account name in the "Change owner to:" part of the dialog. I selected my own account (or any in the Administrators group) and ticked the checkbox at the bottom that says "Replace owner on subcontainers and objects". Then I finally clicked the OK button.

(4) Now that I was the owner of all the screwed files and subdirectories etc, I deleted c:\FTProot and recreated my old FTP root folder from a backup. Phew.



Thanks to Dominick Baier for help with the Take Owner UI :-)



Comments: Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?