Want to get rid of "non-existent" files and folders
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Want to get rid of "non-existent" files and folders

  1. #1
    Junior Member
    Join Date
    Jun 2002
    Posts
    4

    Want to get rid of "non-existent" files and folders

    Hi,

    My Windows 2000 server has been hacked into recently. I was left with several
    folders and files that, when attempting to delete as Administrator, will
    not delete.

    Instead, an error occurs that says "Cannot delete file: Cannot read from
    source file or disk". When I try to look at the Properties for the file
    or folder, it will tell me "Size: 0 bytes", "Size on disk: 0 bytes", and
    created/modified/accessed date fields are blank.

    Tried to use deltree or delete capabilities from DOS, but unfortunately Win2K's
    DOS emulators don't seem to work the same as the real deal.

    Can anyone help me get rid of these files, please?

    Thank you

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    boot up into safe mode command prompt only and try it. Other than that i have no idea
    [gloworange]\"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work.\" [/gloworange]

  3. #3
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    Umm... another suggestion... they may actually be ghost folders created by bad clusters on your hard disk. I had random files and folders appearing on one of my computers for a while, and I did a chkdsk and discovered that there were a series of bad clusters. Once I fixed the clusters, I could delete the files and folders. To this day, I still don't know what files they were orphans of, but it couldn't have been anything too important since I didn't have any pseronal files on there. So, I recommend you run a scandisk or chkdsk to see if there's anything wrong with the drive.

    AJ

  4. #4
    Junior Member
    Join Date
    Jun 2002
    Posts
    29
    What i have leard from prev situations like this all you hace to do is cut the folder and past it in the resicle bin
    Join the White Hat universe!

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Well I do not know the nature of your hack, as in buffer overflow, exchange exploit PM the details. Be more specific as you feel comfortable with here. There are several tools (scripts) used at the CMD promt that can deal with Active Directories and issues. Do what was suggested use F8 to safe mode and manually delete from there. Or try this to delete folders note some modifications may be needed to reflect your system

    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colFolders = objWMIService.ExecQuery _
    ("Select * from Win32_Directory where Name = 'c:\\Scripts'")
    For Each objFolder in colFolders
    errResults = objFolder.Delete
    Wscript.Echo errResults
    Next
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  6. #6
    Junior Member
    Join Date
    Jun 2002
    Posts
    4

    Thanks for the suggestions

    Hi again,

    I'll try out all the suggestions. Unfortunately, the server is remote, and I'm VNC (similar to PCAnywhere)'ing into the server at the moment, so any reboot of the server cuts off my ties to the server. When I can, I'll try make a trip down to the colo facility and do it there.

    As for the chkdsk or scandisk, i'll give that a shot, probably schedule it at a certain time in the morning.

    Thanks for all the suggestions

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Location
    Ireland
    Posts
    735
    What were they called? Do they have messed up ASCII letters or are they just regular words?

  8. #8
    Junior Member
    Join Date
    Jun 2002
    Posts
    4
    There are several folders that have normal names on them like "tagged", "dont upload anything", etc, which are 0kb in size.

    Inside the tagged folder ("Upped by <hacker name here>"), there is an errorlog.txt file that has a size of 1kb in the Details View mode, but has 0kb size in the Properties dialog box.

    None of these files can be erased by normal deletion methods, but hopefully one of the proposed solutions will work, when I get a chance to test it.

    Anyone know how these files/folders were created?

    Much appreciated.

  9. #9
    Junior Member
    Join Date
    Jun 2002
    Posts
    21
    If you can, rename the files. It's a trick I have found usefull in this situation. The easiest way to break the 'protection' of something is to change it. If you can change the names you will be able to delete the newly named files.
    \"The fifth horseman of the apocalyse?\"
    \"Yeah, he left the group before they hit it big.\"
    T. Pratchett

  10. #10
    Junior Member
    Join Date
    Jun 2002
    Posts
    4
    Tried to rename, got error:

    Error renaming File or Folder:
    Cannot rename file: Cannot read from source file or disk.

    Worth a shot, though, but I may have tried this in the past.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •