Somacon.com: Articles on websites & etc.

§ Home > Index > Freeware

DirectoryFixer - Freeware to Delete Undeletable Files in Windows

Problem

You have files with strange, suspicious names in your ftp folders that you can not delete via any means. You can't delete, rename, or move them from the command line or from explorer. You receive error messages like, "The system cannot find the file specified", "Access is denied", or "Cannot read from the source file or disk".

Cause

You have Internet Information Services (IIS) FTP Server running on Windows. The FTP server had (or still has) write access enabled for anonymous users. Someone accessed the server and wrote directories and files to the ftproot directory. The files were placed there so others could access them.

'Hackers' will scan IP ranges to find FTP servers with write access. Once they are found, the hackers will upload their mostly copyrighted files, which may be warez, movies, VCDs, or ISOs, in parts or whole. The IP address and port of the server are distributed to others via mechanisms such as 0-day lists and IRC. Marked, open FTP servers are called tagged (or t@gged). When others download those files, it is called leeching.

The directories and files may contain spaces and special characters. They might contain Windows file system reserved words. These are COM0 to COM9, LPT0 to LPT9, CON, AUX, and NUL. Windows' built-in methods for deleting the directories must be performed one directory or file at a time. Hackers purposely nest the directories deeply to make the recovery process time-consuming.

Solution

  1. Read these directions completely.
  2. Restrict anonymous FTP write access to the folders.
  3. Download DirectoryFixer version 0.30 and unzip the directoryfixer.exe file.
  4. Open a command prompt.
  5. Type directoryfixer.exe DIRECTORY at the prompt, where DIRECTORY is the directory you want to fix.
  6. (Use directoryfixer.exe DIRECTORY > outfile.txt if you want to capture the output, which lists all the old/new file names.)
  7. Type YES and press ENTER to run the renaming process on the directory. WARNING: Renaming can not be undone.

If you receive "Access is denied" errors, then you might need to take ownership of those files. You can do this manually from the "Security" tab of the file/folder properties. To take ownership of all the files/folders in a tree, you can use Microsoft's subinacl utility as follows:

  1. Download subinacl from Microsoft.
  2. Run subinacl.exe to install the program.
  3. Open a command prompt.
  4. Type the following:
    "C:\Program Files\Windows Resource Kits\Tools\subinacl.exe" /subdirectories c:\inetpub\ftproot\*.* /setowner=Administrator /grant=Administrator=F
  5. You can substitute Administrator with any other user specified as DOMAIN\USER.

DirectoryFixer renames all files and subfolders of the path specified on the command line. It works because it is written in C++ and uses the Windows Unicode MoveFile function directly. The action is irreversible, so make sure you have a working backup of your system before running the program. The renaming algorithm is as follows:

  1. Trim leading spaces.
  2. Trim trailing spaces and periods.
  3. Replace non-printable characters with underscore.
  4. Make the entire file name lowercase.
  5. Replace reserved file names with non-reserved names, like "COM_1"
  6. Append random letters if the filename is not unique.

System Requirements

The program requires 100-150KB of disk space and will run on all versions of Windows except Windows Me/98/95.

License Agreement

THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

The program is free. If you find it useful, please link to this page from your website or send me your feedback here.

Notes

You may have to run Directory Fixer and delete files multiple times to clear everything out, especially if you get an error like "Code 183 - Cannot create a file when that file already exists.".

You can see when the activity occured on your FTP server that resulted in the files. Open the directory C:\WINDOWS\system32\Logfiles\MSFTPSVC1. Use a text editor with multi-file search (like Textpad) to search the log files for the uploaded file names.

To get a text file of all the files/folders that will be renamed, follow these steps:

  1. Open a command prompt
  2. Type cd c:\inetpub\ftproot (or the folder you want to list)
  3. Type dir /b /s > FilesList.txt
  4. Open FilesList.txt with Notepad to view the list.

Some files and folders can be deleted by simply specifying the short file name. To do this, follow these steps.

  1. Open a command prompt
  2. cd to the folder you want to list
  3. Type dir /x to see the short file names in that folder
  4. Type rmdir folder~1 /s to remove the folder and all files and subfolders.

Applies To

Windows XP Professional, Windows 2000, 2003, NT 3.1, 3.5, 4.0, Server, Small Business Server, IIS 5, IIS 5.1, IIS 6.0

Links


Created 2005-01-17, Last Modified 2016-12-01, © Shailesh N. Humbad
Disclaimer: This content is provided as-is. The information may be incorrect.