trying to delete a directory/files

A hacker entered my anonymous ftp site and left alot of music/junk files.  I deleted most of it, but some of the files I can't seem to delete.  It'll either give me an error saying "Cannot delete file: Cannot read from the source file or disk" or "Cannot delete faka: Access is denied.  The source file may be in use."  Can anyone assist with this problem?  Thanks
james1118Asked:
Who is Participating?
 
CrazyOneConnect With a Mentor Commented:
And on this C:\inetpub\ftproot\       \texte

You need to use the short file name
0
 
CrazyOneCommented:
Try this open a command window and do this

Open a CMD.EXE window.
CD to the top of the mess.
Use: DIR /X /A   to see the SHORT FILE NAMES of the files and directories there.
Use a combination of CD, RD, and DEL and the SHORT FILES names reported with DIR /X to delete your way to the bottom and then back up the tree removing the files on the way down and the directories on the way up.
Most likely there is NOT a protection issue here so you shouldn't need worry about ownership or file protections.

RMDIR [/S] [/Q] [drive:]path
RD [/S] [/Q] [drive:]path

   /S      Removes all directories and files in the specified directory
           in addition to the directory itself.  Used to remove a directory
           tree.

   /Q      Quiet mode, do not ask if ok to remove a directory tree with /S


This MS KB article may help

How to Remove Files with Reserved Names in Windows
http://support.microsoft.com/default.aspx?scid=kb;en-us;120716

BEGIN ARTICLE

--------------------------------------------------------------------------------
The information in this article applies to:

Microsoft Windows 2000 , Professional
Microsoft Windows 2000 , Server
Microsoft Windows 2000 , Advanced Server
Microsoft Windows 2000 , Datacenter Server
Microsoft Windows NT Server versions 3.1 , 3.5 , 3.51 , 4.0
Microsoft Windows NT Workstation versions 3.1 , 3.5 , 3.51 , 4.0
Microsoft Windows NT Advanced Server
--------------------------------------------------------------------------------

SUMMARY
Because applications control the policy for creating files in Windows, files sometimes are created with illegal or reserved names, such as LPT1 or PRN. This article explains how to delete such files using the standard user interface.

MORE INFORMATION
NOTE : You must be logged on locally to the Windows computer to delete these files.

If the file was created on a file allocation table (FAT) partition, you may be able to delete it under MS-DOS using standard command line utilities (such as DEL) with wildcards. For example:

DEL PR?.*

-or-

DEL LPT?.*

These commands do not work on an NTFS partition as NTFS supports the POSIX subsystem and filenames such as PRN are legal under this subsystem. However, the operating system assumes the application that created them can also delete them; therefore, you can use commands native to the POSIX subsystem.

You can delete (unlink) these files using a simple, native POSIX application. For example, the Windows Resource Kit includes such a tool, Rm.exe.

NOTE : POSIX commands are case sensitive. Drives and folders are referenced differently than in MS-DOS. Windows 2000 and later POSIX commands must use the following usage syntax:
posix /c <path\command> [<args>] IE: posix /c c:\rm.exe -d AUX.

Usage assumes Rm.exe is either in the path, or the current folder:
rm -d // driveletter / path using forward slashes / filename
For example, to remove a file or folder named COM1 (located at C:\Program Files\Subdir in this example), type the following command:
rm -d "//C/Program Files/Subdir/COM1"
To remove a folder and its entire contents (C:\Program Files\BadFolder in this example), type the following command:
rm -r "//C/Program Files/BadFolder"
Another option is to use a syntax that bypasses the normal reserve-word checks altogether. For example, you can possibly delete any file with a command such as:
DEL \\.\ driveletter :\ path \ filename
For example:

DEL \\.\c:\somedir\aux

--------------------------------------------------------------------------------
Published Jun 3 1997 7:28AM  Issue Type  
Last Modifed Dec 22 2001 12:57PM  Additional Query Words 3.10 prodnt CON PRN AUX CLOCK$ NUL COM1 LPT1 LPT2 LPT3 COM2 COM3 COM4 winnt  
Keywords kbusage  

COPYRIGHT NOTICE. Copyright 2002 Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399 U.S.A. All rights reserved.

END ARTICLE
0
 
james1118Author Commented:
Thanks for the reply.  Once again, if you read the top, you can see that a hacker left these files.  There IS ownership issues and system issues!  I am the administrator of the machine and domain.  I was thinking maybe the hacker used some kind of software to manipulate the file using NFS.  Anyway, the system created a file called HLScan.err file and following is the content.

 Warning : unable to open C:\inetpub\ftproot\texte\6437947\34713014\34713805\34744590\34744940\Tag_by_sierra\34774483\34775614 . Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\texte\6437947\34713014\34713805\34744590\34744940\Tag_by_sierra\34774483\34774793\For_soul . Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\texte\4177406\4187841\      test    . Reason: The system cannot find the file specified.

* Cannot query directory C:\inetpub\ftproot\faka maka\prn . Reason: (null)
* Cannot query directory C:\inetpub\ftproot\faka maka\nul . Reason: (null)
* Warning : unable to open C:\inetpub\ftproot\faka maka\lpt3 . Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\faka maka\lpt2 . Reason: The system cannot find the file specified.

* Cannot query directory C:\inetpub\ftproot\faka maka\lpt1 . Reason: (null)
* Cannot query directory C:\inetpub\ftproot\faka maka\con . Reason: (null)
* Warning : unable to open C:\inetpub\ftproot\faka maka\com4 . Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\faka maka\com3 . Reason: The system cannot find the file specified.

* Cannot query directory C:\inetpub\ftproot\faka maka\com2 . Reason: (null)
* Cannot query directory C:\inetpub\ftproot\faka maka\com1 . Reason: (null)
* Cannot query directory C:\inetpub\ftproot\faka maka\aux . Reason: (null)
* Warning : unable to open C:\inetpub\ftproot\command . Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\       \texte. Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\       \faka maka. Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\       \command . Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\       \       \  . Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\       \ \  . Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\ \texte. Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\ \faka maka. Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\ \command . Reason: The system cannot find the file specified.

* Warning : unable to open C:\inetpub\ftproot\ \       \ . Reason: The system cannot find the file specified.

* Cannot query directory C:\inetpub\030225151758p\com1. Reason: (null)
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
ricardoaugustoCommented:
Did you try to remove he entire directory c:\inetpub\ftproot ?
0
 
CrazyOneCommented:
Part of the problem is you have several folders whose names are reserved Windows name like com2

Did you do what it says to do in this link

How to Remove Files with Reserved Names in Windows
http://support.microsoft.com/default.aspx?scid=kb;en-us;120716
0
 
EtherealKnightCommented:
i had this major problem a while ago, and solved it by doing a scandisk, and i mean the low down dos version, this is in windows xp, the one it uses to scan after it crashes, and you cant use in windows (which is a bummer)... you will have to make an xp boot disk and use it to boot the pc, then run scandisk, it will fix the directory structure so you can delete the folders in the booted dos mode...  this happened to me on win98, but im sure it will help you in whatever op system you are using... it also might help if windows is complaining about reserved names in windows...
0
 
pjedmondCommented:
Normally you can drag the whole directory into the trash can, and then delete trash - If not, create a new directory, and drag everything into that, before dragging the new directory into the trash ans deleting.
0
 
james1118Author Commented:
Thanks CrazyOne.  I've read the documents but the posix command doesn't work, or when I run it, it say process cannot be started.  I couldn't find the rm.exe in my resource cd, so I downloaded the utility from one of the vendors MS supports.  Still no help.  Then, I downloaded cygwin and tried to delete the whole directory, but rm said that I ftproot has circular directory structure and has same inode as '..\ftproot\ '
0
 
james1118Author Commented:
Thanks CrazyOne.  I've read the documents but the posix command doesn't work, or when I run it, it say process cannot be started.  I couldn't find the rm.exe in my resource cd, so I downloaded the utility from one of the vendors MS supports.  Still no help.  Then, I downloaded cygwin and tried to delete the whole directory, but rm said that I ftproot has circular directory structure and has same inode as '..\ftproot\ '
0
 
glebnConnect With a Mentor Commented:
Fred Langa documented this one pretty well. The following link contains all the info you should need to get rid of the files.

http://www.langa.com/newsletters/2003/2003-03-06.htm#1
0
 
CleanupPingCommented:
james1118:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
The_Master_ChiefCommented:
Download this program
http://www.jrtwine.com/Products/DelFXPFiles/

I had some files on my harddrive that I could not delete either and this app got rid of them quickly.
0
All Courses

From novice to tech pro — start learning today.