Solved

WAREZ Demons Tagged my server.

Posted on 2001-06-07
Last Modified: 2010-04-13
A warez individual has tagged an ftp directory and I can't remove the folder.  It basically will not let me take ownership and will not let me delete it.  Once the attack occurs I can shut that access out but can't delete the files.  PLEASE HELP!!!!!!!!

I see what you said but now it gives me an ACCESS IS DENIED message
Question by:cburns99
17 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 6165158
Open a CMD window and go to the parent folder of the problem file or folder and type:

DIR /X

The /X option will show you the short file name for the bogus and hard to see filename the hacker has used.  You should be able to CD to that short name or RMDIR it if it is empty.  Usually this will be several levels deep and so you'll probably need to go all the way to the bottom and work your way back up.
0
 
LVL 7

Expert Comment

by:franka
ID: 6165204
listening...
0
 

Author Comment

by:cburns99
ID: 6165216
I did the dir/x and found the real name to be com1~1, but when I try to cd further it says ACCESS DENIED
0
 
LVL 32

Expert Comment

by:jhance
ID: 6165225
Then use the ATTRIB -S -R -A on the file name.
0
 

Author Comment

by:cburns99
ID: 6165242
It is not a file, it is a directory.  And is that the proper syntax?  The directory is named com1~1
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6165318
Very probably the files are still open if you cannot do anything (including taking ownership). Or they start with a dot ".", which can make problems when deleting.

Try stopping your FTP service and then delete the directory. After you succeeded, restart the FTP service.
0
 

Author Comment

by:cburns99
ID: 6165379
Nope that didn't work either......AAAAAAAAHHHHHHHHHHHHH!!!!!!!!
0
 
LVL 32

Expert Comment

by:jhance
ID: 6165548
If the directory is named com1~1 then you can remove it with:

RMDIR COM1~1

BUT, and this is IMPORTANT, you must have emptied ALL of the files out of the folder and do this to all the folders below it.

So you probably need to do:

CD COM1~1

then type

DIR /X /A

and keep going DOWN THE HIERARCHY until you hit BOTTOM!!!

Then work your way BACK UP deleting FILES AND FOLDERS as you go.

There is really no way to set file or folder ownership or protections from the FTP server and all the files should be owned by the FTP server service account.  IF you're logged in as ADMINISTRATOR you should have full rights to delete.

You MUST (I repeat MUST) use the proper short file name.  Be 100% SURE you are using the correct name or the delete or remove will fail!!!
0
 
LVL 1

Expert Comment

by:bassque
ID: 6165882
There are many tricks that are used to lock directories so they cannot be accessed by any normal person nor can they be renamed.
Using spaces and special combinations or characters.

If you let me know if your ftp server is on an NT or Unix box and paste me the entire name of the directory they made I should be able to help.

Just a short note.
This will be very easy if you have a unix server, NT can be tricky.

But without knowing the specifics of these tricks it is almost impossible for anyone to figure this out.
;-)
0
 
LVL 1

Expert Comment

by:bwelkin
ID: 6166367
listening
0
 

Expert Comment

by:edsonkuboo
ID: 6808567
try to use rmdir com1~1 /S
0
 
LVL 5

Expert Comment

by:cempasha
ID: 7858958
Dear questioner/expert(s)

No comment has been added lately, so it's time to clean up this TA.
I'll leave a recommendation in the Cleanup topic area that this question is to be:

- PAQ'd and pts removed

Please leave any comments here within the next seven days.

==> PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER ! <==

PaSHa

Cleanup volunteer
0
 
LVL 32

Expert Comment

by:jhance
ID: 7863472
Strongly disagree.  

My comment is EXACTLY the solution here.  

I suggest FORCE ACCEPT to jhance.
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 7924651
PAQ'd and points NOT refunded.  Several things may be preventing the deletion of this directory.  The RMDIR /S as proposed by edsonkuboo would be easier than jhance's comment, however it is lacking the /D operator which should accompany it to delete any subdirectories as well if they are present.  Still, we cannot be certain that rmdir will work at all in this circumstance.  For instance if a file anywhere in the directory tree is in use, it will fail.  For those skeptics, see the following copied from my personal test:
D:\Downloads\Temp>rmdir com1~1 /s
com1~1, Are you sure (Y/N)? y
com1~1\text.txt - The process cannot access the file because it is being used by another process.

Even with all that said, looking at the question, it appears as though the question text was changed some time later to reflect this text: "I see what you said but now it gives me an ACCESS IS DENIED message" which indicates to me there are still problems with the presented solutions.  Without knowing the exact environment and whether or not any of these suggestions worked, the best alternative is to PAQ the question and not refund the points.

SpideyMod
Community Support Moderator @Experts Exchange
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 7925707
SpideyMod, good to see that you are familiar with the topics you are cleaning up! Keep up the good work.

And for jhance, if the file/dir does not have an extension, your suggestion would not have worked. In this case, the technique described here would help:
http://support.microsoft.com/?kbid=120716

Anyways, doesn't matter anymore I guess... ;-)
0
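
An added example, not part of any poster's comment in this thread: a Python check for the kind of names discussed above (reserved device names such as COM1, trailing spaces or dots), run over a directory listing of an FTP root. It assumes the Win32 `\\?\` path prefix is used to reach such names; the function names and the sample listing are constructed for illustration.

```python
import ntpath
import re

# Win32 reserved device names; matched case-insensitively, with or without an extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    p + str(n) for p in ("COM", "LPT") for n in range(1, 10)}

def classify_name(name):
    """Return the reasons the normal Win32 path parser would mishandle one name."""
    reasons = []
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in RESERVED:
        reasons.append("reserved device name")
    if name != name.rstrip(" ."):
        reasons.append("trailing space or dot")
    if re.search(r"[\x00-\x1f]", name):
        reasons.append("control character")
    return reasons

def extended_path(abs_path):
    r"""Add the \\?\ prefix (assumed here) so the name is passed on unnormalized."""
    drive, rest = ntpath.splitdrive(abs_path)
    if len(drive) != 2 or not rest.startswith("\\"):
        raise ValueError("expected an absolute drive-letter path")
    return "\\\\?\\" + abs_path

def audit(paths):
    """Map each topmost offending directory to its reasons and a removal command."""
    found = {}
    for p in paths:
        drive, rest = ntpath.splitdrive(p)
        parts = [x for x in rest.split("\\") if x]
        for i, part in enumerate(parts):
            reasons = classify_name(part)
            if reasons:
                target = drive + "\\" + "\\".join(parts[:i + 1])
                # The command is only suggested for review; nothing is deleted here.
                found[target] = (reasons, 'rmdir /s "%s"' % extended_path(target))
                break
    return found

# Constructed listing of an FTP root (not taken from the thread).
SAMPLE = [
    r"C:\ftproot\pub\readme.txt",
    r"C:\ftproot\incoming\com1\x\payload.bin",
    r"C:\ftproot\incoming\com1\y.bin",
    "C:\\ftproot\\incoming\\tagged. \\a.bin",
]

if __name__ == "__main__":
    for target, (reasons, cmd) in audit(SAMPLE).items():
        print(repr(target), reasons, cmd)
```

Feed it a listing captured while the FTP service is stopped, so that open handles do not get in the way of the cleanup afterwards.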
 
LVL 32

Expert Comment

by:jhance
ID: 7925901
Clearly it doesn't matter to the person who asked and then abandoned this question.

0
 

Expert Comment

by:SpideyMod
ID: 7927456
jhance,
I know exactly what you are talking about.  I deal with it day in and day out and I get frustrated about it as well.  That would be why "they" gave us the authority to PAQ the question and not refund the points as I've done here so at least they cannot use those points to do it again.

AvonWyss,
Thanks for the kudos.  It doesn't always work out that I know the topics I am moderating, but I guess that's the nature of the beast.  It is the experts that work the real magic for this site!
0
