Creating a 'locked' file....

Discussion in 'Software' started by dlb, Nov 11, 2010.

  1. dlb

    dlb MajorGeek

    Is it possible to create a "locked dummy" file that can't be overwritten? Let's say, for example, that I have a virus that continuously generates a file named i_suck.dll over and over, no matter how many times I delete it; can I create a file named i_suck.dll with attributes set to where another i_suck.dll cannot be created and overwrite/replace my file? The reason I ask: I recently dealt with a serious malware infection where I simply could NOT locate the source of the main infection (the 'parent' that kept regenerating i_suck.dll), and creating a locked unreplaceable un-overwritable 'child' file would have been very handy. I did eventually realize that a rogue userinit.exe and winlogon.exe were responsible (along with a fake shell.dll and compromised atapi.sys driver working with the others). These created the 'child' file every time the PC was restarted..... anyway ...... if I had been able to create an irreplaceable and un-overwritable file, I could have saved myself A LOT of time (and therefore saved my client A LOT of money).....
     
  2. sach2

    sach2 Major Geek Extraordinaire

    What if you created the file and then in Properties>Security removed all users except SYSTEM? Or denied all users all access including Read and Write.

    (I didn't try it because I don't want to get stuck with a locked file on this machine but I would think an administrator could go back and add themselves as a user with permissions later. I would be cautious about removing SYSTEM as a user because I don't know what that would mean?)

    I'll try it on an old machine next time I boot it up if you don't experiment first.
     
  3. mjnc

    mjnc MajorGeek

    If you create the file and then set the attributes to Read Only, that may work.
     
  4. mjnc

    mjnc MajorGeek

    I know this is really basic stuff, but here it is anyway.

    To change the Read Only file attribute:

    • In Windows Explorer:
      right click the file name -> select Properties -> General tab -> Attributes:
      tick the Read Only check box
    • from CMD prompt:

      Read Only ON
      attrib +R [drive:][path][filename]

      Read Only OFF
      attrib -R [drive:][path][filename]

    Hope this works for you.
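
sach2's Deny-permission idea and mjnc's Read Only attribute, combined in PowerShell as an added example that is not part of the original thread. The function names and the sample path under %TEMP% are hypothetical; i_suck.dll is the thread's own example name.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
function New-DenyRule {
    # "Everyone" by well-known SID S-1-1-0, so it also works on non-English Windows.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $rights   = [System.Security.AccessControl.FileSystemRights]'Write, Delete'
    New-Object System.Security.AccessControl.FileSystemAccessRule($everyone, $rights, 'Deny')
}

function Protect-Placeholder([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path | Out-Null   # empty dummy file
    }
    # Read Only first (same as attrib +R): once Write is denied,
    # the attribute can no longer be changed without editing the ACL.
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule((New-DenyRule))                   # explicit Deny is evaluated before Allow
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Unprotect-Placeholder([string]$Path) {
    # Reverse order: drop the Deny ACE, then clear Read Only.
    $acl = Get-Acl -LiteralPath $Path
    [void]$acl.RemoveAccessRule((New-DenyRule))
    Set-Acl -LiteralPath $Path -AclObject $acl
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $false
}

# Constructed sample path for the demonstration.
$sample = Join-Path $env:TEMP 'i_suck.dll'
Protect-Placeholder $sample

# Check that an ordinary overwrite attempt now fails.
try   { [System.IO.File]::WriteAllText($sample, 'x'); 'overwrite succeeded: not protected' }
catch { 'overwrite blocked: ' + $_.Exception.Message }

# Show the resulting ACL so the Deny entry can be confirmed.
(Get-Acl -LiteralPath $sample).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights

# Caveats:
#  - A process running as an administrator or SYSTEM can take ownership of the
#    file and rewrite its ACL, so this only stops code with ordinary user rights.
#  - Delete can also be granted by the parent folder's "Delete subfolders and
#    files" permission, so the folder's ACL matters as well as the file's.
Unprotect-Placeholder $sample
Remove-Item -LiteralPath $sample
```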
     
