There is an infection going around that hides all folders on a network drive and sets them as system folders. Here is a script I wrote that will remove the hidden and system attributes all folders/files in a directory you specify.
It uses the “attrib -h -s” and is not recursive into subdirectories.
For complete removal of the infection, naturally scan all machines. Remove any rouge autorun.ini files and rouge .exe files on the network drive.
Download: UnhideNetworkDriveFolders.v1.zip
I haven’t tested on all system setups and naturally comes with no warranty.
Update 3/22/2013
This script can only be run against a folder ( C:/Production/Shared ) not against an actual mapped drive ( S:/ ) at this time.
Update 3/27/2013
Here is a quick list of things to check regarding cleaning up the infection/worm.
- Scan all PCs with Malwarebytes
- Cleanup the the startup items
- Cleanup and rouge exe files located
- C:\User\%Username%
- C:\User\%Username%\AppData
- C:\User\%Username%\AppData\Roaming
- Find proccess the infection is running under. Example: jjhhgg.exe
- Network drives, Flashdrives, External Harddrives
- Delete all *.exe that mimic a folder and have a folders name
- Delete autorun.inf
- Delete x.mpg
- Deltee anything else odd, rouge .exe files, photos files with .exe extentions
- CMD Prompt, browse to the folder and run
attrib -h -s
- Note this only unhides files, not folders.
- CMD Prompt, browse to the folder and run
FOR /F "tokens=*" %i IN ('DIR /A:D /b') do attrib -h -s "%i"
- Note this only unhides folders, make sure to have the quotation marks