Monday, April 06, 2009

Deleting jwgkvsq.vmx

Just found out that the conficker worm creates an undeleteable autorun.inf in the root drive of the USB drive.

When I tried to delete it, the msg appears as follows:

Error deleting file or folder.

Cannot delete autorun: Access is denied.

Make sure the disk is not full or write-protected
and that the file is not currently in use.


So what I did was to go to the properties of the autorun file.
Click on the Security tab.
Click on the advanced button.
Change the owner to my user. Or add the current user (in my case here, admin) to allow permissions for the full control of the file.

Before I change it, the owner was the worm in the recycler folder.

After adding the owner and changing the permissions, I was able to delete the file.
Thank goodness....

Btw: remember my last post? about jwgkvsq.vmx? It is actually Conficker.

3 comments:

Owen Choo said...

Wah! You are now a professional worm catcher?

Unknown said...

Thank you, good work. You have done the best solution. Congratulations!

devindia said...

Better use "Unlocker" a freeware tool to delete stubborn files.