Go Premium for a chance to win a PS4. Enter to Win


deleting thousands of files across thousands of sub folders in windows server 2008

Posted on 2010-08-27
Medium Priority
Last Modified: 2012-05-10

my web hosting server was hacked and a malicious script was run which copied 10 different files to EVERY folder on my server....

luckily it wasn't too disruptive as the homepage of virtually all of the sites i was hosting is index.asp  (and the default document is index.asp) and the script didn't delete any files so in most cases the sites themselves weren't affected ....

i ran a search for all files which were created just after the script was run with a size of 5k (the size of the added files) and found over 300 000 files....

now i'm trying to find a way to mass delete all of these files....

if i select all of the files and hit delete it spends an indefinite amount of time 'calculating' and never actually does anything....

i found that if i drag a few thousand files at a time to the recycle bin this sometimes works, but not always...

has anyone any suggestions for some software or technique i can use to delete all of these files...

Question by:dog_star
  • 3
  • 2
  • 2
  • +4
LVL 10

Expert Comment

ID: 33541266
If they were created with a script, then using a script to delete them would seem to make sense.

If you know the name of the script that caused the problems, you might find your AV vendor (or another) would have a clean-up script.  Symantec:-


are normally quite good at publishing clean-up tools for messy viruses.

Other than that a recursive batch file would probably do the job, but would need to know more details about how the script worked to replicate the behaviour but resolve the problems.

Expert Comment

ID: 33541460
Ok ill help you with the script, but i need to know a few things first.
These 10 files in all the folders, do they have the same name, or extension or anything in common on the entire system?
LVL 14

Expert Comment

ID: 33541490
What script or virus was this? It may provide the information needed to uno this, like is there a prexisting solution (Spybot, Malware-Bytes, or a script).

This  might provide some direction as well

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Author Comment

ID: 33541506

thanks for the ideas...

my worry about running a script is that the pages which have been created are all default page names... ie index.asp, index.htm, index.php, default.asp etcetc

running a script to delete all files with these names would delete an awful lot of files don't want deleted :)

using windows search at least i can see the time created.... all the 'rogue' files were created just after 5.30pm and so are easy enough to spot in the search... deleting them is proving more difficult...

at the moment i'm trying out windows commander to see if that will do a better job than windows explorer...

would a script be able to taget files this specifically? ie by size and by date?

Expert Comment

ID: 33541663
Use this Command:

forfiles /P <DIRECTORY> /S /M <*.extension> /D "<DATE>" /C "cmd /c del /F @file"


forfiles /P C:\Folder /S /M *.txt /D "25/08/2010" /C "cmd /c del /F @file"
LVL 10

Expert Comment

ID: 33541856
OK - in this situation, I would say do it by hand, or restore from a backup to be on the safe side.

Expert Comment

ID: 33541922
If he uses the command above, its going to be fine,

it looks for files newer than a specific date with a specific file extension and deletes them, better of he can move them to a certain directory and check them manually if he wants to.

To move to a directory just change the last part:
/C "cmd /c del /F @file"

/C "cmd /c move @file <DESTINATION> /Y"
/C "cmd /c move @file D:\Files /Y"


Expert Comment

ID: 33541927
You can use advanced search options in Windows to find files created after a particular date; i tihnk you have been successful in doing that. As for the issue with taking too much time to delete, did you try selecting like a bunch of files (not all) and then deleting them in groups?

LVL 11

Accepted Solution

marek1712 earned 2000 total points
ID: 33542737
Alternatively you can use Total Commander's search function to find the files created some time in the past and delete them. It's faster than Windows Search.
LVL 14
ID: 33543050
First Off, don't use Recylce Bin on any files you are certain about Deleting.

Recycle Bin Adds additional time both when sending files to it and when deleting them from it.

Instead HOLD SHIFT and delete normally (right click and select delete, or hit the delete Key)

Second, it sounds like the files are always called "Index.AnyExtention", is this right?  Or is the file "AnyName.AnyExtention"?

We Can do this through many file spec compairisons.

I may be overly cautious for your taste, but I suggest matching files on several atributes "To Insure Proper Service".

Also you should probably MOVE all the files to a different location, in case anything stops functioning.

The best way to acomplish this would be to use Robocopy.

(Sorry from Memory, so please test before running and use RoBoCopy /? To check the command names for age and size)
For 5:28AM To 5:32AM

Robocopy "C:" "\\Server\Share\Save" Index.* /MOV /S /MinAge:20100826 05:29 /MaxAge:20100827 05:32 /MinSize:5119 /MaxSize:5121

However, what would be best is if we can make the selection and then compare the contents of the files, either using FindStr or using FC.

That Would increase the time required, and send us back to using COMMAND Loops, but would allow for a more bulletproof method.


Author Closing Comment

ID: 33545245
thanks everyone for your suggestions...

as i mentioned in my original post windows explorer just can't seem to handle file operations like this with so many files in so many different locations... possibly shift-deleting might have worked better... maybe next time i'll try (though of course hoping there is no next time:))

total commander worked perfectly...

to be on the safe side i actually ran a search defining the rough time all the files were created and , to be on the safe side, i ran a text search looking for all all files which contained certain text which the hacker had put in (specifically the name of the hacker)...

total commander took a couple of hours but it seemed to have found all the files (305,000 altogether).... i then hit delete and after a few seconds thinking it started deleting... its probably going to take a while but at least i can be pretty certain it won't be deleting anything it shouldn't...

again, thanks for all the suggestions

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question