When Windows permissions get hijacked

Have your Windows permissions been hijacked by spyware, trojans, FTP taggers, a virus or a worm? I often get called in to rescue systems with this problem. Typically a hijacker mangles permissions so that the Windows GUI cannot be used to fix them, leaving you unable to change, delete or sometimes even view the affected files or directories.

In some situations SubInACL can be used. When it can be used, this is the way you do it:

  • Download and install SubInACL
  • Put SubInACL on the path, or look up its install location so you can run the command with its full path from the command line (it usually installs to “C:\Program Files\Windows Resource Kits\Tools”)
  • Go to the command line
  • Change to the root directory of the problem
  • Run the following commands:
subinacl /subdirec *.* /setowner="administrators"
subinacl /subdirec *.* /grant="administrators"=F

If you’re going to run these without SubInACL on the path you’ll probably run the command something like this:

"C:\Program Files\Windows Resource Kits\Tools\subinacl.exe" /subdirec *.* /setowner="administrators"
"C:\Program Files\Windows Resource Kits\Tools\subinacl.exe" /subdirec *.* /grant="administrators"=F
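
To see which items are affected before the reset, and to confirm afterwards that ownership and full control really landed on Administrators, the PowerShell script below inventories the tree. It is an added example, not part of the original post; `$Root` and `$Report` are placeholder paths, and it matches the Administrators group by its well-known SID so it also works on non-English systems.

```powershell
# Added example: inventory owner and Administrators access under a damaged tree.
# $Root and $Report are placeholder values; change them for your system.
param(
    [string]$Root   = 'D:\Damaged',                  # hypothetical root of the problem
    [string]$Report = "$env:TEMP\acl-report.csv"     # hypothetical report location
)

$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$sidType  = [System.Security.Principal.SecurityIdentifier]
$full     = [int][System.Security.AccessControl.FileSystemRights]::FullControl

# Directories that cannot be listed are skipped by Get-ChildItem, but the
# directory itself still shows up through its parent and is recorded below.
$rows = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $row = [ordered]@{ Path = $_.FullName; Readable = $false
                           OwnerSid = ''; AdminFull = $false; Sddl = '' }
        try {
            $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop
            $row.Readable = $true
            $row.OwnerSid = $acl.GetOwner($sidType).Value
            $row.Sddl     = $acl.Sddl        # full descriptor, kept for the record
            # True when an Allow entry gives Administrators every FullControl bit.
            $row.AdminFull = [bool]($acl.GetAccessRules($true, $true, $sidType) |
                Where-Object {
                    $_.IdentityReference.Value -eq $adminSid -and
                    $_.AccessControlType -eq 'Allow' -and
                    (([int]$_.FileSystemRights -band $full) -eq $full)
                })
        } catch {
            # Hijacked items often deny even reading the ACL; record that fact.
            $row.Sddl = "ERROR: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }

$rows | Export-Csv -LiteralPath $Report -NoTypeInformation
$bad = @($rows | Where-Object {
    -not $_.Readable -or $_.OwnerSid -ne $adminSid -or -not $_.AdminFull })
"{0} items scanned, {1} still need attention; report: {2}" -f @($rows).Count, $bad.Count, $Report
$bad | Select-Object -First 20 Path, Readable, OwnerSid, AdminFull
```

Run it from an elevated prompt; rows marked unreadable or owned by another SID after the SubInACL pass are the ones the post's takeown.exe fallback applies to.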

See the complete SubInACL documentation here

If SubInACL doesn’t work, you’ll need to use takeown.exe, the use of which is documented elsewhere on this site.