Clean Windows virus from Linux

Saturday 12 July 2008 at 11:03

Yesterday we noticed that our Windows Samba share machine was infected with a virus. This is the kind of virus that became common 2 years back, which created an executable file with the same name as the current directory. On a Windows machine, the icon was set in such a way that it looked exactly like a Windows directory. If you double-click that file (thinking it is a folder), you are sure to be infected.

So, I had to delete the files, and the shared directory had numerous folders. I then wrote a bash one-liner (not exactly 1 line) to delete the files.

First I used find to get the list of all the exe files in all folders and stored it in a file (exe_files).

This was the command I then used to delete all the files.

cat exe_files | while IFS= read -r line; do l=`ls -lh "${line}"`; size=`echo $l | cut -d' ' -f5`; if [ "$size" = "604K" ]; then rm -- "${line}"; fi; done

What it does is read each line in the file, find the size of each file and, if the size is '604K', remove the file.

Deleting based on the filesize was not that good, as we might have lost some original file which was correctly 604K. If you wanted a better solution, you would have to write one more if clause to check if the filename is the same as the folder name – better to create a shell script instead of trying a one liner.
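A sketch of the script suggested above, added here as an example and not taken from the original post: it flags an .exe only when its name matches the folder that holds it, with an optional exact size check. The function names clean_decoys and make_sample_tree and the byte-size argument are assumptions; the post gives only the rounded "604K" figure, so the exact byte count has to be read from a known sample.

```sh
#!/bin/sh
# Added example (not from the original post). Flags an .exe only when its name
# equals the name of the directory holding it, e.g. share/Photos/Photos.exe.

# clean_decoys ROOT [SIZE_BYTES] [delete]
#   SIZE_BYTES: optional exact size filter in bytes ("" to skip the check).
#   delete:     remove matches; without it the function only lists them.
clean_decoys() {
    find "$1" -type f -name '*.[eE][xX][eE]' -exec sh -c '
        want=$1 mode=$2; shift 2
        for f in "$@"; do
            dir=$(basename -- "$(dirname -- "$f")")
            name=$(basename -- "$f")
            [ "${name%.*}" = "$dir" ] || continue   # name must match the folder
            if [ -n "$want" ]; then
                size=$(($(wc -c <"$f")))             # exact bytes, not ls -lh rounding
                [ "$size" -eq "$want" ] || continue
            fi
            printf "%s\n" "$f"
            if [ "$mode" = delete ]; then rm -f -- "$f"; fi
        done
    ' sh "${2:-}" "${3:-list}" {} +
}

# Constructed sample tree (harmless 4- and 8-byte files) for a safe trial run.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/Photos/Trip 2008" "$t/Docs"
    printf 'XXXX' >"$t/Photos/Photos.exe"               # matches: name and size
    printf 'XXXX' >"$t/Photos/Trip 2008/Trip 2008.exe"  # matches: space in name
    printf 'XXXX' >"$t/Docs/setup.exe"                  # same size, different name
    printf 'XXXXXXXX' >"$t/Docs/Docs.exe"               # same name, different size
    printf '%s\n' "$t"
}
```

Run it without the third argument first and review the list; pass delete only once the listed paths look right.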

Thanks to Linux, we could delete all the ~6000 virus files with a simple command without the fear of infection.