Need a little help please
Moderator: TheMachine
I was uploading a file to a friend and forgot to turn off my FTP server. Needless to say, I was hacked!
They created a ton of directories that you cannot delete from Windows Explorer. I was able to delete them when I used the short name in DOS <dir /x>.
Here is the problem.
They created directories called COM1, COM2, COM3. These directories do not have short names and I cannot figure out how to delete them.
Thanks for any help in advance,
Ocelott Puppythief
Kitty Rogue
Veeshan
"You do not need a parachute to skydive, you just need a parachute to skydive twice"
In Windows Explorer I get the following error.
"Cannot delete COM2: Cannot find the specified file.
Make sure you specified the correct path and filename."
From DOS I get the following error.
"The system cannot find the file specified."
I tried using RD COM1 and DEL COM1 from DOS.
Ocelott Puppythief
Kitty Rogue
Veeshan
"You do not need a parachute to skydive, you just need a parachute to skydive twice"
The reason you cannot delete those directories is because they are named using a naming convention that Windows does not understand. Here are some steps you could try first to remove the directories (copied from a newsgroup).
1) Use a "DOS" Command Prompt for the steps below. Example, click on Start, Run, type CMD [for Windows 2000 / XP / NT / .NET ] or COMMAND [Windows 95 / 98 / ME ] and click OK to open a Command Prompt window.
2) Use the DIR /X command to find the shortened 8.3 name of the folder. [Example, the shortened 8.3 name for the "Hackers Files" folder might be HACKER~5 ]
3) Use the CD command to change to that directory using the 8.3 name [example CD DOCUME~1 ].
4) Repeat these two commands until you reach the lowest level of the subdirectory tree that the hacker created.
5) You should then be able to delete all the files in the subdirectory.
6) Use the CD .. [CD space dot dot] command to move up one directory.
7) Use the RD command to remove the directory you just left [e.g. RD HACKER~7 ]
8) Repeat these two commands until you have removed all the unwanted folders.
In my experience this did not work and I had to revert to using the rm.exe that is supplied in the Windows Resource Kit. If those steps don't work, this should for sure.
http://support.microsoft.com/default.as ... US;Q120716
Also, you may want to do some file finds on your computer for anything named serverudaemon or firedaemon. Hackers will often install this on your PC as a backdoor to your FTP server. You might want to uncheck allow anonymous on your FTP server in the future as well, and check if anyone is still logged into your PC via FTP when you start it up next. That will let you know if they've left open a backdoor.
-
- Super Poster!
- Posts: 8509
- Joined: July 3, 2002, 1:06 pm
- XBL Gamertag: SillyEskimo
I've seen that happen when someone has entered them as ASCII chars instead of regular chars. If you hold down the Alt key and then enter its ASCII value (001, 002, 003) using the num pad, you can usually duplicate the undeletable chars, and then use that to delete the dir name. You need to be in a DOS window to do this, of course.
For instance, rd 067 079 077 049 while holding down the Alt key should get you:
rd COM1
Here is a chart in case you get lost.
http://www3.sympatico.ca/rhwatson/dos7/ ... ascii.html
Last edited by Krindol on January 2, 2003, 6:47 pm, edited 1 time in total.
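
Added example, not part of any post above: COM1, COM2 and COM3 are Win32 reserved device names, which is why Explorer, RD and DEL report the directory as missing. This Python sketch flags such names in a directory listing, along with trailing dots or spaces and the control characters mentioned in the last post, and builds the `\\?\`-prefixed path that `rd` accepts because that prefix turns off Win32 name parsing. The sample paths, labels and function names are constructed for illustration.

```python
import re

# Win32 reserved device names: case-insensitive, with or without an extension.
RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?$", re.IGNORECASE)
PREFIX = "\\\\?\\"  # the literal four characters \\?\

def classify(name):
    """Return the reasons one path component defeats Explorer, RD and DEL."""
    reasons = []
    stripped = name.rstrip(" .")
    if RESERVED.match(stripped):
        reasons.append("reserved-device-name")
    if name != stripped:
        reasons.append("trailing-dot-or-space")  # Win32 silently strips these
    if any(ord(ch) < 32 for ch in name):
        reasons.append("control-character")      # e.g. typed as Alt+001
    return reasons

def extended_path(path):
    """Prefix an absolute drive path with \\?\ so the name is passed through as-is."""
    return path if path.startswith(PREFIX) else PREFIX + path

def audit(directories):
    """Return (path, reasons, cleanup command) for every directory path that is flagged."""
    findings = []
    for path in directories:
        parts = path.split("\\")[1:]  # skip the drive component, e.g. "C:"
        reasons = sorted({r for part in parts for r in classify(part)})
        if reasons:
            findings.append((path, reasons, 'rd /s "%s"' % extended_path(path)))
    return findings

# Constructed sample listing of an FTP upload area (not taken from the thread).
SAMPLE = [
    r"C:\ftproot\incoming\COM1",
    r"C:\ftproot\incoming\com2\sub",
    r"C:\ftproot\incoming\photos",
    "C:\\ftproot\\incoming\\new folder. ",
    "C:\\ftproot\\incoming\\\x01\x02",
]

if __name__ == "__main__":
    for path, reasons, command in audit(SAMPLE):
        print(repr(path), reasons, command)
```

The generated `rd /s` command asks for confirmation before removing the tree, so copy anything you want to keep as evidence of the intrusion before running it.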