[matthewk]

Hey guys,
I had this trojan that created itself along with an autorun.inf on all drives (and all usb removable drives that were inserted into my pc). I have one hard disk that is partitioned into c: and d: , and I formatted and reinstalled windows on c:\ thinking it would clear it up. Oddly enough, when I had winxp reloaded, d: still had the exe and autorun.inf there. So, it corrupted my windows install/process list when I viewed my d: drive.

To get rid of it, I opened a dialog and checked the box to deny the writing of d: for the admins group and system. I left that open, and brought up the explorer window with d:\ showing the exe file and the autorun.inf file. I selected them both, deleted, and quickly hit apply on the permissions dialog box for d:\. So, the files didn't get recreated.

I formatted c:, and reinstalled windows again, and now the two files and hidden process in windows is gone. The only problem is windows still has the denied permissions for writing to d:\ set (see img below). I was surprised that these permissions were still existing after a reinstall. Anyone have a solution for me? I believe the only thing remaining to do is restore my writing permissions for my admin&system groups.
Thanks,
Matthew K

[Idontwantspam]

Permissions are stored in each file, folder or drive's Access Control List (ACL), which is NOT changed when you reinstall on a different partition, move the disk to another computer, etc. Therefore, the permissions you set remain even after a reinstall.

Why not just restore permission? Is there a problem with doing so?

[matthewk]

Idontwantspam, on Nov 23 2007, 06:53 PM, said:

Why not just restore permission?

How do I do that? I am logged in with the only admin user that I created when I reinstalled windows, and the box is grayed-out.

This post has been edited by matthewk: 23 November 2007 - 07:22 PM

[Idontwantspam]

Oh, I see.

The problem is that when you reinstalled windows, you possibly got assigned a new SID. Meaning you don't own the drive.

Take ownership of it. Click the owners tab, select the administrators group and click OK a few times. Close all the dialogs open, then try to give yourself permission again.

[matthewk]

That worked, thanks a lot I actually tried it and didn't think that it worked. I just went back to try it again, and I noticed that they were available for me to get the permissions back. Thanks a lot for your replies.

[Idontwantspam]

Glad to help.