Web Hosting Talk

Windows NT corrupted folders problem, due to hackers


Andrew Pakula
12-15-2001, 11:30 PM
I'm not sure if this is really the right place to post a question like this but I thought hey, somebody might know here.

At the place where I work they are running a Windows NT server service pack 4 or 5 I believe.

A little while ago some hackers found a hole with the FTP service and managed to upload Warez stuff like a few games as well as Windows XP German edition (lol).

Some of these directories that were created have funny characters and spaces and stuff.

We have been unable to find any way to get rid of these folders, we are just getting errors like it doesn't exist or cannot be found.

Does anyone know how I might be able to get rid of these corrupted directories?

davidb
12-16-2001, 05:53 AM
I'm sorry to hear what happened, warez is always a big problem. Anyhow, I've got a few things you might as well try, though I am not sure whether they will work or not.

1. I guess you could try and rename it, Right click, hit rename, and if you do not get an error, just call it folder and then delete it.

2. Go into DOS and get a directory listing; DOS reads files differently and only keeps 8 or 7 chars of the orig name, so maybe that would work.

3. Use DOS again and go to where you see the directory, then if you can at least see the first 2 letters or numbers you can try remove ax*

I know that works for copying files like copy *.gif hello
but I don't know if it would work like that.

Anyhow, these are really just guesses; hopefully someone with experience of this stuff can help you a little more.

vegs
12-16-2001, 06:26 AM
Renaming the files and then deleting them will work; that happened to me a while ago.

DaWiseMouse
12-16-2001, 07:07 AM
Had that happen once myself. Stop all FTP service, open FTP properties from IIS and click active connections or current connections, I think it is, and disconnect all users. Then delete the entire folder contents and folders from WinNT Explorer, then be sure to disable Anon FTP. Restart FTP services and you should be good to go.

Andrew Pakula
12-16-2001, 02:05 PM
Renaming the files doesn't do it.

I'll try deleting it in DOS a couple ways however I suspect it may not work as well.

Windows seems to think it is a directory but perhaps it is not a proper one.

311
12-16-2001, 02:47 PM
I have no idea if this would work at all, but hey, who knows.

Go into the folder and create a new folder with the same name as the warez file (or whatever it is), then if it works just delete the file you just created, and you should be fine.

That's just a guess, I've never tried it before, but you can give it a go and tell me if it works or not... :)

mattan
12-16-2001, 02:57 PM
..I don't see why the system won't allow you to delete the files/folders. As long as you have the necessary rights this should not be a problem.

Take Ownership, then take full permissions for all the folders in question, stop your FTP/IIS service and try deleting them.

If all else fails, there is always a "format c:\" :)

Andrew Pakula
12-16-2001, 03:18 PM
We have tried taking ownerships and changing the permissions as well as shutting down the services to try deleting it, so far we have had no luck.

On Monday I will get the exact error messages we are getting and post them here.

mattan
12-16-2001, 09:34 PM
.. you should make sure that you're running the latest SP which is SP6

Andrew Pakula
12-17-2001, 03:44 PM
Alright here are a few examples of the folders I cannot delete no matter what I try, just subtract the "", they are there to show you the spaces in the folder name as well:

"prn.;;ANGELS;%;% "
"prn.;;ChaZzEr;%;% "
"aux.;;Tagged;; "
"aux. ;; "
". _ taggedbyFRoGZFXP _ ."
". _ WAREZ _ ."


The error messages I am getting are the following:

Cannot Delete File: File System error (1026)
Access Denied
Cannot Find file or directory
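
An added example, not part of any post in this thread: the names listed above fall into two classes that the Win32 path parser rewrites before the file system sees them, reserved DOS device names (`prn`, `aux`) and names ending in a space or dot. The Python sketch below flags such names and builds the `\\?\`-prefixed form, which tells Win32 to skip that rewriting; the root `D:\ftproot` and the function names are assumptions made for the illustration.

```python
# Added illustration; D:\ftproot is a hypothetical FTP root, not from the thread.

# DOS device names that the Win32 path parser reserves in every directory.
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})

# Directory names quoted in the post above, reused as sample input.
SAMPLE = [
    "prn.;;ANGELS;%;% ",
    "prn.;;ChaZzEr;%;% ",
    "aux.;;Tagged;; ",
    "aux. ;; ",
    ". _ taggedbyFRoGZFXP _ .",
    ". _ WAREZ _ .",
    "incoming",  # constructed: an ordinary name for contrast
]

def classify(name):
    """Return the reasons Win32 would mis-resolve this directory name."""
    reasons = []
    # Only the part before the first dot, minus trailing spaces, is compared,
    # so "prn.;;ANGELS" and "aux. ;; " both resolve to a device.
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in RESERVED:
        reasons.append("reserved-device-name")
    # Trailing spaces and dots are stripped, so the name that gets looked up
    # differs from the name stored on disk.
    if name != name.rstrip(" ."):
        reasons.append("trailing-space-or-dot")
    return reasons

def extended_path(root, name):
    """Build the \\\\?\\ form, which Win32 passes through without rewriting."""
    return "\\\\?\\" + root.rstrip("\\") + "\\" + name

def flag(names, root="D:\\ftproot"):
    """Map each problematic name to its extended path and the reasons."""
    report = {}
    for name in names:
        reasons = classify(name)
        if reasons:
            report[extended_path(root, name)] = reasons
    return report

if __name__ == "__main__":
    for path, reasons in flag(SAMPLE).items():
        print(repr(path), ", ".join(reasons))
```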

RackMy.com
12-17-2001, 04:32 PM
For those of you running Windows NT IIS ftp servers who have had an attack on your ftp site where someone has created folders and files you can't delete, here is a solution:

Steps for removing unwanted files & folders from NT Server IIS ftp site:
1) first, using Explorer, go to the directory that you're using for the ftp site and move all the files & folders you wish to keep to a temporary directory some place (create one if you need to).
2) click the start button, choose run, type "command" (don't include the quotes) and then click ok.
3) once the command console is open go to the ftp directory.
4) once in the ftp directory type: "rd "" /s" and hit enter/return.

This will delete all files, directories and subdirectories under the one you're in. Now you can move the files/folders in the temp directory back.

Hope that helps!

Andrew Pakula
12-17-2001, 04:49 PM
I tried doing this but it just keeps giving me the error message of "Access Denied" when trying to delete the files this way.

Fubonis
12-17-2001, 06:24 PM
Some of them are special characters, made by using Alt then some numbers. So, you have to do that. I know that the _ is Alt 255. The rest, however, I don't know. Hope this helps.

bitserve
12-17-2001, 08:57 PM
I know nothing about windows nt administration, but in most UNIXs you can delete files by inode number. Windows NT let you do that?

mattan
12-17-2001, 10:09 PM
But check your permissions again. It's possible that you have NESTED subfolders/files which you do not have permissions to. The biggest problem always has to do with permissions.

Also, try deleting the files in the IIS MMC console one by one. And once again, make sure that your "IIS/Web Publishing server, print folder, FTP, mail and all Internet related services are first taken down" before proceeding with the delete.

The funny characters look like they have been written in a different language?

Andrew Pakula
12-21-2001, 03:15 PM
Alright I managed to get rid of most of it.

I reset all the permissions and ownerships on all the sub-directories manually and managed to get rid of a good portion of it.

However I am still having problems getting rid of a few of them. I'm getting messages like:

"Invalid directory"

Any ideas?