Folders can't be deleted after being hacked


matrix11

MIS
Feb 25, 2002
I admit it was my fault, but didn't think it would come so quickly. I had to set up an FTP server on my Win2K server to give access to some files on a Friday. I set up an anonymous login with read and write permissions. I came in the following Monday to find several GB worth of Warez and videos posted on my server. After turning off FTP on my firewall, I tried to clean up. Many of the folders have no names or labels. Some have strange characters for names. The bottom line is I can't delete them. Some of them that I can rename can be deleted, but the rest are here to stay. I get the message "CANNOT READ FILE: CANNOT READ FROM SOURCE FILE OR DISK". Any ideas other than to format the volume and restore the data?
 
Many times they create the directories using hidden characters or Windows reserved words such as com1. The first thing to try is to get deltree (I think it is on Win98) and try to use that with wildcards. So if the directory starts with c, the command in DOS would be deltree c*. Also, if they have used Windows reserved words, you will need to bypass the reserved-word lookup, and you can do that like this: deltree \\.\<drive letter>:\<path>\<directory name>. I know this sounds kind of confusing, so let me know if you have questions.
 
What if someone wants to recover the files and not just delete them??? I left my spare server wide open to see what I would catch, and now I want to access it all...about 35 GB in two nights...
 
matrix, follow this thread; I think it will help you deal with those folders.
thread96-263547...
It's like maybe 70 threads ahead.
It says a hacker put ....on my server
A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!

 
I recently had the same problem. None of the solutions provided here were quick or easy. This solved my problem in a matter of a couple of minutes. Three commands took care of the whole lot of folders and files.

You must first find copies of rm.exe and subinacl.exe; both can be found on the Windows resource CD, I believe.

Copy them to some location in your path, then go to a command prompt.

1. subinacl /subdirectories "\\?\c:\yourpathhere\*.*" /setowner=administrator

2. subinacl /subdirectories "\\?\c:\yourpathhere\*.*" /grant=YOUR_DOMAIN\administrator

3. rm -r c:\yourdirectory

The key was the "\\?\c:\whatever". The quotes are necessary, BTW.

If you can't find the necessary files, email me and, as long as the requests aren't overwhelming, I'll send them to you.
 
When this happened to me, I ended up with about 40 GB of French-language DVD rips in folders named Com1, LPT1, etc.

I was finally able to access all but one of the folders by using "dir /x" to discover the 'short filename' and then using standard filesystem commands.

For example, you can't delete or cd into a folder called Com1, but you can if you use Com1~1 as the folder name. This also works for folders whose names are just a series of spaces.

I did have one folder which, for some reason, did not have a short filename associated with it. That one kicked me around for a couple of hours until I stumbled across a tip somewhere on the net that said that quite often, you could solve that problem by addressing the file/folder through its UNC path. So I shared the parent folder and used a command like:

ren \\servername\parentfolder\LPT1 \\servername\parentfolder\temp

(that's probably not the exact syntax, I'm working from my memory of something that I had to do once, months ago, but it's something very close to that)

Then I just deleted temp.

Hope that helps out some....

JAF
 
JAF,

Just wanted to thank you for your tip. I've had a folder on my old file server for about six months that I couldn't get rid of because the user named it with a ".." at the end. I used the dir /x, deleted it with that name, and it's all gone!

One of those little annoyances out of my life for good! lol, thanks.

Dave
 
Glad I could help - I picked that up as a result of a very steep and rapidly acquired learning curve when I was screwing around with my FTP server and inadvertently left anonymous access enabled for about 48 hours..... All of a sudden, my 40gig d: drive is full to overflowing, and it takes me nearly a half hour to find the "stash". Someone had managed to install a copy of Serv-U on my system and was serving up DVD rips out of d:\i386\help\languages\japanese\scanned\by\3L33t\filled\by\dAmAn\Com1\movies.

Anyway, I use the trick quite often now when I want to save a bunch of path typing when working at the command prompt.

JAF
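
Added example, not part of any post in this thread: Python that classifies the kinds of folder names discussed above (reserved device names such as Com1 and LPT1, names made only of spaces, names ending in a dot or space, hidden control characters) and builds the \\?\ form of the path used in the subinacl post. The function names and the sample paths are constructed for illustration; the reserved list is the documented Win32 device names CON, PRN, AUX, NUL, COM1-COM9 and LPT1-LPT9.

```python
import re

# Win32 device names: reserved case-insensitively, with or without an extension.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}

def name_problems(name):
    """Reasons one path component breaks normal Win32 path handling."""
    if name in (".", ".."):
        return []
    problems = []
    if name.split(".", 1)[0].rstrip(" ").upper() in RESERVED:
        problems.append("reserved device name")
    if name.strip(" ") == "":
        problems.append("only spaces")
    elif name != name.rstrip(" ."):
        problems.append("trailing space or dot")
    if re.search(r"[\x00-\x1f]", name):
        problems.append("control character")
    return problems

def extended_path(path):
    r"""Prefix an absolute drive path with \\?\ so Win32 name parsing is skipped."""
    if not re.match(r"[A-Za-z]:\\", path):
        raise ValueError(f"need an absolute drive-letter path: {path!r}")
    return "\\\\?\\" + path

def audit(paths):
    """Map each path containing a problem component to (reasons, extended path)."""
    report = {}
    for path in paths:
        reasons = []
        for part in path.split("\\")[1:]:  # skip the drive letter
            reasons += [r for r in name_problems(part) if r not in reasons]
        if reasons:
            report[path] = (reasons, extended_path(path))
    return report

# Constructed sample listing, modelled on the folder names described in the thread.
SAMPLE = [r"d:\ftp\incoming\docs", r"d:\ftp\incoming\Com1",
          r"d:\ftp\incoming\LPT1\movies", r"d:\ftp\incoming\   ",
          r"d:\ftp\incoming\temp.."]

if __name__ == "__main__":
    for path, (reasons, ext) in audit(SAMPLE).items():
        print(f'{", ".join(reasons):24} "{ext}"')
```

The quoted output keeps names that are only spaces visible, which matters when pasting the path into a command prompt.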
 