
someone has hacked into my computer

Status
Not open for further replies.

myown

Technical User
Apr 20, 2001
and made a couple of folders, which I cannot get rid of.
I have tried using the normal commands and ftp commands.
I have tried in DOS shell to delete them but the error I have is that they are not there.
But they are, because when I run dir I can see them.

please help.

 
I knew this issue with the win9x operating system:
when someone made a folder with special characters
embedded from DOS,
then win98 was not able to delete it from Explorer.
It had to be deleted manually from the command prompt
by giving rd <foldername>, and of course u'd have to know the special character combination someone has used to create it.

But I do not see this as an issue with win2000 or NT.
Anyway, I can't figure out what else it could be??
Kapil Technical Director
Infovalley Interwebspiders Pvt. Ltd.
Microsoft Certified System Engineer
 
You may want to be certain of the contents of these folders. I would want to be positive before deleting them if I were you.
Since when in DOS you do not see these folders when doing a DIR, the folders must have the attribute of hidden. Go to the directory/folder where you should be able to see these folders. You must know exactly what their name is to do this. Type attrib foldername and hit enter. You should see a list of that folder with a couple of attributes, probably H and R (Hidden and Read Only). Type ATTRIB FOLDERNAME -R -H and hit enter. You now should be able to see the folder with a DIR command. Now do a DIR and you should see the folder/directory you could not see before. You can now see the folder in Windows.
While in DOS, you may want to change to that directory and check things out before deleting. While in the directory, type attrib and hit enter. If there are hidden files there, they will show as well. You should not have to do anything to these to remove the folder and its contents in Windows though.
I have seen viruses that have made hidden folders before. Be sure you have the most current updates for your Virus Protection Software and do a FULL ALL FILES scan and not just the PROGRAM FILES scan.
Good Luck, Randall
 
I have already viewed the folders in DOS mode, and as I said these folders are not on the C drive when you go to delete them.
But if you run a directory listing on the C drive you can see they are there.
They were put there by a hacker that cracked into an FTP site. Now I cannot get rid of the folders, which have no contents.
This has nothing to do with attributes.
 
You mention that you have tried many ways and commands. This is what I would try, maybe more than once.

First of all, do you have these settings in your windows explorer:
Disp compressed files and folders in alternate color
Disp the full path in the title bar
Show hidden files and folders
Uncheck- Hide file ext for known file types
Uncheck- Hide protected operating system files

Now then,
(1)In windows explorer.. Can you rename the folder?
Yes- Good. Rename the folder and try to delete.
No- Take the ownership of the folder. In the security tab.

(2) In DOS mode.. Example: folder is called C:\New Folder22
*** This shows you the Owner ***
C:\>dir /q
Volume in drive C is SYSTEM
08/13/2001 01:57p <DIR> BUILTIN\Administrators New folder22
Then try to delete the file with quotes ""
C:\>del "New folder22"

Is this helping?

Let us know... L8ter!
 
thanks for your help
but still no joy
I had the settings in Explorer already.
I could not rename the folder; I received an error message "Cannot read from source disk".
There is no security tab on the folder.
In DOS mode dir /q does not display who owns the folder.
When I try to delete the folder in DOS, I get the error could not find c:\"folder".
I'm near to wiping the machine as I don't think there's much else I can do.

 
Does the directory name have spaces in it? If so, they might be the alt-255 key sequence. Say the directory is called "this one" (without the quotes). At a command prompt type "this" without the quotes and then, holding down the alt key, type 255 on your numeric keypad; this should generate a space. Finish typing in the rest of the directory path.

Hope this helps.... Troy Williams B.Eng.
fenris@hotmail.com

 
Thanks for the help, but
this is not a virus (I think; I have run virus software).
The directory has spaces and ~~ , and I have tried the alt 255 sequence but still no joy. I get the error "the system can't find the file specified".

 
Try going into safe mode to delete the directory... Troy Williams B.Eng.
fenris@hotmail.com

 
There could be a special char in the file name, such as a space before or after the file name, that you don't see.

Using the Ascii char in the back of a good old dos book will tell you.
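
As an added illustration of the point in the post above (not code from any poster in this thread): a Python sketch that prints a folder name's code points and flags the cases that let a name appear in a listing yet fail when typed back. The function names and the sample names are hypothetical and constructed for this example.

```python
import unicodedata

# Device names reserved by Win32 path parsing, with or without an extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}

def show_codepoints(name):
    """Render a name as hex code points so invisible characters become visible."""
    return " ".join(f"{ord(ch):04X}" for ch in name)

def audit_name(name):
    """List the reasons a name can show in a listing yet fail when typed back."""
    findings = []
    if name != name.rstrip(" ."):
        findings.append("trailing space or dot (dropped by Win32 path normalization)")
    if name != name.lstrip(" "):
        findings.append("leading space")
    if name.split(".")[0].rstrip(" ").upper() in RESERVED:
        findings.append("reserved DOS device name")
    for pos, ch in enumerate(name):
        cat = unicodedata.category(ch)
        if ch == "\u00a0":  # byte 255 in OEM code pages 437/850, i.e. Alt+255
            findings.append(f"no-break space U+00A0 at index {pos}")
        elif cat in ("Cc", "Cf"):
            findings.append(f"control/format character U+{ord(ch):04X} at index {pos}")
        elif cat == "Zs" and ch != " ":
            findings.append(f"space look-alike U+{ord(ch):04X} at index {pos}")
    return findings

def audit_listing(names):
    """Map each suspicious name to its findings; clean names are omitted."""
    report = {}
    for name in names:
        findings = audit_name(name)
        if findings:
            report[name] = findings
    return report

# Constructed sample names; on a live system pass os.listdir(path) instead.
SAMPLE = ["Program Files", "tagged by\u00a0x", " ~~ ", "com1", "docs.", "New folder22"]

if __name__ == "__main__":
    for name, findings in audit_listing(SAMPLE).items():
        print(repr(name), "=>", show_codepoints(name))
        for finding in findings:
            print("    -", finding)
```

On NT-family Windows, names flagged for a trailing space or dot or for a reserved device name are the ones the ordinary Win32 path parser rewrites before the file system sees them, which matches a folder that dir lists but rd reports as missing. Prefixing the full path with `\\?\` makes the Win32 API skip that rewriting.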
 
OK, I have booted into safe mode and still cannot delete the folder (the same error message appears).
I have tried going into the folder using the alt key and the num lock keypad.

 
hi myown

did u try running scandisk
maybe ur filesystem is corrupt?? maybe!

Kapil Technical Director
Infovalley Interweb Pvt. Ltd.
Microsoft Certified System Engineer
 
hi again
try running this at the command prompt
chkdsk /f <drive>:
Kapil Technical Director
Infovalley Interweb Pvt. Ltd.
Microsoft Certified System Engineer
 
Have you tried to use the command cacls?
In a DOS box go to the dir and just type cacls <dirname>. You can also use a part of the dirname and fill in the rest with a *
 
You can secure your folders. To secure a folder you don't make it read only or hidden. Those might slow down the normal user but not the power user. If you really want the folder to be secure just set an extended character in the name. To do this, go to the command prompt and change to the directory where you want a new subdirectory. Type "<Alt>2<ALT>1<ALT>1211". The directory created should look like this in dos mode "+211" or maybe something different. But now go out to windows and try to access this through explorer and you get an error that the folder _211 does not exist, but you still can see it. The reason why I name my folder "211" is so that I can remember the extended character used in the folder. Remember to come back to Webtechgeek.com for more tips.

Found this on a website, maybe it helps
 
You may actually have to use a hex editor to look at the FAT
and look specifically for the file name pattern that you can see. It looks like he used some hidden characters when he named the folders. Using the editor you can rename them to "AAAAAAAA" or some such. ***DANGER*** know EXACTLY what you are screwing with.

hope this might help
 
It's just a dir made with the null character that dos doesn't recognise. If I'm correct, it's alt 255 with the number pad just like someone else said...

Just do this in DOS: cd (hold down alt and type 255), and then if that's it, you'll be in that dir and you can type dir and it will show you if there is anything in it. To delete the dir, type rmdir alt 255 from the c:\ and it should disappear. I've had that problem before and that worked.
 
I have tried using the ASCII characters in DOS mode and still no joy.
I have printed an ASCII character sheet to use from.
The folders in DOS mode are displayed the same as in Windows Explorer.
 
Well, you have gotten all the "try this" advice, none of which worked. Hopefully you have a backup of the mission critical files on that drive, and if so, a time saver will be to wipe the drive and reinstall everything. While this could take 4-5 hours, depending on the applications, this will get rid of the unwanted directories and trojan files that your trojan scanner and anti virus scanner are not catching.

Once everything is reinstalled, re-think your security settings to make the best effort to block a future re-occurrence.

Yes, this is a brute force approach, but if nothing else worked, this will take up the least amount of time.

doug@dwhite.ws
MSCE + Internet
Windows 2000 Advanced server

 