In windows there is a malware that mounts a false executable (522k) and renames the real executables (.exe) in g * .exe and changes the attributes to hidden and read-only
Example:
folder 1
Bar.exe # fake
gBar.exe # real (hidden and only Read)
folder2
Foo.exe # fake
gFoo.exe # real (hidden and only Read)
I would like to know if there is command for Windows (to run with privileges in safe mode), that to do a recursive search of executables (in the whole hard drive) and in case there are coincidences (* .exe and g * .exe in the same directory or subdirectory) that changes the attributes of the .exe real, delete the fake or make the replacement (from g * .exe to * .exe)
Update:
- I have removed the linux command to avoid confusion
This is what I have done so far (it's not a big deal):
for /r "c:\" %%x in (g*.exe) do ren "%%x" "c:\*.exe" attrib -h -s -r +a g*.exe
Update:
The response indicated as correct may eventually compromise system files, so, i will solve the problem from Linux (with my initial proposal) and i abandon the question for Windows
Thank you all for your contribution (special thanks to Pimp Juice IT)