Can't delete or modify file/directory with reserved names

Some malware (including viruses and other programs with bad intentions), as well as some hardening programs and utilities, sometimes create files and directories with illegal names.

Why "illegal"?
Because some names such as LPT1, LPT2, LPTx, PRN, CON and more are reserved as
they have a unique meaning to the operating system.

Trying to rename/delete/modify a file or directory with such an illegal file name will return
Access Denied


LPT1 (LPTx) for example is usually the parallel port on the computer,
CON is short for console, PRN is printer, etc...

So if you see a directory or file such as


and can't seem to rename or delete it, the reason is that
some names such as PRN, LPTx (LPT1, LPT2, ...), CON and more are system reserved.

The solution is straightforward. To rename, for example:
ren \\.\c:\LPT1 c:\NNN


The reason why the line above works is its prefix:
\\.\

This is a back door of sorts that causes Windows not to check for illegal file names. It would also
prevent certain commands, and it is the easiest method to get rid of such files and directories without disk hex editing.

If you still can't access it, the file/directory may have attributes turned on. Turn them off using:
attrib -s -h -r \\.\c:\LPT1


The file/directory might not have ACL rights that allow you access. To grant access:
cacls \\.\c:\LPT1 /t /c /g %username%:f
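
The reserved-name check and the \\.\ form used in the commands above, as an added example that is not part of the original article: a Python script that flags reserved names in a file listing and returns the prefixed path to pass to ren, attrib or cacls. The sample listing is constructed, and the names beyond LPTx, PRN and CON (AUX, NUL, COM1-9) are filled in here.

```python
import ntpath
import re

# Classic Win32 reserved device names. The article names LPTx, PRN and CON;
# AUX, NUL and COM1-9 complete the set and are filled in for this example.
_RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$", re.IGNORECASE)

def reserved_device(component):
    """Return the device a single path component maps to, or None."""
    # Classic Win32 path parsing ignores the extension and trailing spaces,
    # so "nul.tar.gz" and "LPT1 " are both treated as the device itself.
    stem = component.split(".", 1)[0].rstrip(" ")
    m = _RESERVED.match(stem)
    return m.group(1).upper() if m else None

def device_namespace_path(path):
    # Build the prefixed form used in the article's ren/attrib/cacls commands.
    if path.startswith("\\\\.\\"):
        return path                      # already prefixed
    drive, rest = ntpath.splitdrive(path)
    if len(drive) != 2 or not rest.startswith("\\"):
        raise ValueError("expected an absolute drive-letter path: %r" % (path,))
    return "\\\\.\\" + path

def scan(paths):
    """Return (path, device, prefixed_path) for each entry with a reserved name."""
    hits = []
    for p in paths:
        components = ntpath.splitdrive(p)[1].split("\\")
        dev = next((d for d in map(reserved_device, components) if d), None)
        if dev:
            hits.append((p, dev, device_namespace_path(p)))
    return hits

# Constructed sample listing, e.g. exported from a machine under review.
SAMPLE = [
    "c:\\LPT1",
    "c:\\Users\\bob\\notes.txt",
    "c:\\temp\\con.txt",
    "c:\\logs\\console.log",     # not reserved: stem is "console"
    "c:\\temp\\COM10",           # not reserved: only COM1-COM9 are
    "d:\\stage\\prn\\data.bin",  # reserved name used as a directory
]

if __name__ == "__main__":
    for path, dev, fixed in scan(SAMPLE):
        print("%-28s reserved as %-4s use %s" % (path, dev, fixed))
```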


It is highly recommended to have an updated Windows environment (patches and updates from Microsoft) and an updated antivirus program on your system at all times.

