cburns99n

asked on

New Wares Fun

Hackers placed a folder on my FTP server that I cannot remove called com1.  I did a dir/x in DOS to find the real name.  The real name is blank; how do you cd a blank name?  I just want to remove these files.  This OS is Windows 2000 Server and tells me that deltree is not a command.
oldgreyguy

you could use the DELTREE command:

example........... lets say this directory is in C:\WINDOWS\TEMP

in DOS, change to the directory that contains the folder

at the C:\WINDOWS\TEMP prompt, type DELTREE *.*, you will be prompted Y or N to delete each directory as it comes up, EXAMPLE:


C:\WINDOWS\TEMP>deltree *.*                           then ENTER
Delete file "~DFAD1B.TMP"? [yn] y
Deleting ~DFAD1B.TMP...
Delete file "~DFC976.TMP"? [yn] y
Deleting ~DFC976.TMP...
Delete directory "nscomm40" and all its subdirectories? [yn]

If in fact DOS sees this as a blank folder, then you will see

Delete directory "              " and all its subdirectories? [yn]

This command is very good but has no conscience, it will do almost anything you tell it to do. If you are not sure what it is deleting, then say no, or if you get really spooked    CTL+C will shut it down.

bill

ASKER

My OS is W2K Server and the deltree command is not available.  What do I use instead?
damn, it was such a good idea... oh well, back to the drawing boards... I shall return
cburns, you should be able to use escape code 255 to accomplish this.

Esc 255 is code for a blank space character (not equivalent to pressing a space bar once).

To get a Esc 255 blank space, at a DOS prompt hold down your ALT key and press 255 and release the ALT key.  This will give you a blank space.

Since you're using Win2k Server, you must use QUOTES around your spaces (this is not so with WinNT 4.0).  Treat the ALT-255 as you would any other character and then use the necessary commands to complete what you're trying to do.


The following examples assume the directory name contains two blanks. You'll have to check or test to see how many yours contains.



<examples>

(1) *making* a blank directory (w/2 blanks), type (this is "spelled" out) MD + space + first quote(") + ALT 255 + ALT 255 + ending quote(") + press enter

so in DOS it'll look like:  MD "  "  or  MD \"  "



(2) *changing* to a blank directory (w/2 blanks), type CD + space + first quote(") + ALT 255 + ALT 255 + ending quote(") + press enter

so in DOS it'll look like:  CD "  "  or   CD \"  "



(3) *deleting* the contents of a blank directory (w/2 blanks), type DEL + space + first quote(") + ALT 255 + ALT 255 + ending quote(") + press enter

so in DOS it'll look like:  DEL "  "  or  DEL \"  "



(4) *removing* a blank directory (w/2 blanks), type (this is "spelled" out) RD + space + first quote(") + ALT 255 + ALT 255 + ending quote(") + press enter

so in DOS it'll look like:  RD "  "  or  RD \"  "



---> Remember, for each space between the quotes, you hold down the ALT key, press 255 and then release the ALT key.


Hopefully, the way I explained this isn't too (at all) confusing -- I didn't know how else to explain it.  Let me know if I can clarify any further.
That does work but it is not the directory name.  Although it gives no error message it does not let me in.
>> but it is not the directory name

One thing you can do to see whether or not it's using the alt-255 escape code is to do a DIR of ONE alt-255 with an asterisk at a DOS prompt to see if it returns ANY blank directories.

<eg>
type (using ONE alt-255 btw the quotes),

DIR " "*


If it returns a blank directory then try changing directories to *one* (alt-255) space then two, three and so on 'til you find it.

Lemme know how you make out.
instead of deltree try rmdir
PLZ do not use the word hacker.
PLZ check disk, HD more thoroughly. Concept here, is to hide things, 'borrow' disk space. Find what you may have loaned.
We could pursue alternatives like delTree, command vs CMD, whether you keep fat-16 for flexibility. But issue is more like using Windows to maintain your system. In explorer, you should be able to rename your files, but Microsoft still will not let you rename one that is invalid, go figure. Consider this to have potential need to completely rebuild, as you have corruption you are unclear about.

One of the Microsoft tips is doing this rename (to invalid) as among their 'tips', or is it 'tricks'.
not to change the intent of this thread, Praytell, what "nice" word would we like to use for those unfortunate souls that seem to have little or no ability to do more than frack up other people's lives and/or businesses?
Not for the faint of heart, in another EE thread:
https://www.experts-exchange.com/jsp/qShow.jsp?ta=win98&qid=20123619
thread seems to indicate solution is to get someone to slip you NortonUtilities AND some training on the side via eMail. But it does provide, without charge of PAQ pts, the link to:

http://www.activewin.com/tips/explorer_tips_6.shtml

"Windows Explorer Tips: Creating A Hidden Directory
It's amazing how useful this trick is. You have a private directory and you want it hidden to keep off snoopers."

=> this is likely to be continual recurring issue (for those who like to be warned)
OGG, not sure if word should be as kind as 'hacker'. However, to be kind, since older viruses had some similar behavior, my vote is above: "corruption"

no, excuse me, I meant to use word and did not. The O/S calls it invalid. The rename does not work because O/S 'thinks' HD is corrupted. Ergo, if human did it then they are a corruptor who makes filesystems invalid.

but, at this stage, the cause is unknown, as the first tricks dinkering with char 255 have failed.

My recollection is that older dos would let names get created like com1, lpt, lpt1, prn if they did not have colon, or used quotes or dots or something. Ever seen likes of that before?

Once a name is created, some copy commands may work, even though other parts of OS think it invalid.

cburns99n,
Try plain
del <filename>
ren <filename> temp.txt

where filename is every possibility you can think of (wrap in quotes, double quotes, actively use the '.' terminator)

is this fat-16 or ntfs (can we run older tools off DOS boot diskette to help). Old NU for DOS used to be among disk editors that made it easier to flip the few bits needed to clean directory tree.
cburns99n, Do you have any (what) utilities available? MS-office, editors, etc.  My recollection is that this issue cropped up in a couple earlier EE threads, and filesystem cleaners/managers, like scandisk and the ilk did not help, but if you have not tried yet, now may be the time.

This is also a touchy subject, for the EE_censors. For myself, I'd prefer learning, knowing how to control/improve filesystem when I go SysAdmin mode. So I'd put up some pts for elegant solution myself. Something more windows-y clickable.  All's I can think of at moment is like:

in explorer, drag mouse over filename. Copy it. Go to other area and paste it in to get better view - like paste into a DOS rename command or a dos delete command (similar for subdirectory) or into something where the hex codes can be revealed easily enough. Can't paste into dos, but I can into MS-word or text file, for alternative programmatic view.

Say, got qBasic? Some NT's do.
czpczp, I hope you realize that 255 is not really ascii for the <space> character. Or <blank>.

cburns99n,
Got stamina? Try on this:

DIR > temp.txt
Debug temp.txt
d
d
d
d
...
q

If you are careful and have good eyes, I think this will reveal the hex code(s) for whatever the non-printable characters are in the filename. They can then be translated to decimal for the num/keypad tricks.

Wouldn't someone (perhaps yourself?) who can handle debug techniques and the alt/esc/keypad techniques to resolve such issues be more warranting of a 'hacker' label? Certainly not all that elegant or gui dependent.
umm, say,
This is FTP, huh? How's about then..
try access through ftp
use ftp to delete, rename or move the junk out
Open windows explorer
Select parent directory of your offending folder
The folder you want to remove should be in the right hand pane of the explorer window.
Right Mouse click on it.
The menu will allow you to select delete. Do that
Confirm deletion.
If unsuccessful
Right mouse click again and select properties
Make sure that it is not protected, hidden etc.
Try again.
If it still fails you may need to try to take ownership and then repeat the above processes.
If it is still unsuccessful then post here again with whatever results and messages you got and I'll try some other ideas.

Cheers
>> czpczp, I hope you realize that 255 is not really ascii for the <space> character. Or <blank>.


Yes, it's actually an ascii NULL character.  For the purposes of this thread, "calling" it a blank makes it easier to explain to cburns what I want him to try.
Open Windows Explorer.
Select parent directory of your offending folder
The folder you want to remove should be in the right-hand pane of the window.
Double-click on the "name" of the folder
(not on the "folder" icon to the left of the "name").
Press 'X'.
Press ENTER.
You have now renamed the folder to the name 'X'.
Click once on the 'X'.
Hold the SHIFT key down, and press DELETE.
You have now deleted the folder.
You don't need to rename the folder to delete it.

Cheers
but you probably do. Point is, two names are corrupted and OS is not allowing the new valid name since it detects old invalid name (corrupted). A directory is not deletable while it has content, even though content is corrupted.

Try yourself to create either a file or directory named COM1, for example. Try rename another to that name. Interesting? Compare DIR command. Compare Unix & ls.

cburns99n,
Rather than running debug as above, this may help simplify the other, try hex editor like (freeware) frhed:

http://homepages.tu-darmstadt.de/~rkibria/#frhed

Medium Goal here is identification of the hex values in the name, using copy/paste from explorer, to insides of a file. If identified, then techniques like using DOS such as in czpczp may be pursued more efficiently.

Sorry, I just know I've seen this in EE a few times before, but had not time to dwell then. I search now, cannot find.

Of course reBuilding disk would work, I am looking for something less inelegant.

Before Win9x, NortonUtilities (NU) - the hex editor (not doctor_upper) was more than satisfactory for corruption situations like this.  When editor walks tree, and hits filename, or directory name, you get to simply type over the name, perhaps erasing bytes to kill files, adding chars to restore files, and the like. One would think that all these years of development later, the Windoze Explorer would be so kind - to the Administrator, at least.
I am running W2K Server and can delete a folder and its contents by right clicking in explorer. I have even deliberately corrupted a file within a folder and been able to successfully delete it.

Certainly Sunbow's comments about the old NU are valid. A question mark at the beginning of a file name entry within a directory block indicated that the file was deleted and the space was reusable. The list continues.

Do try the above and let us know the result - even if it fails it is still closer to the correct result because we will have eliminated 1 wrong choice.

Cheers
OnNet used to offer Windoze version of ftp that could locate files with cursor, rather than keyboard, if interested in that approach. It had delete functions, but company was sold and I am personally unaware of how well it may have been maintained recently for Win2K and ntfs. Then too, like Norton's, it likely costs them buccarroos.

Still, use of ftp w/delete seems more appropriate as admin tool than using several strokes of keypad to make up more  characters that display poorly (and may not resolve the com1 issue).

On a lark, supposing this was at least contained within ftproot, have you considered trying to uninstall a global 'all' web services from server? My guess is that it would delete only the old .exe's and leave all the new data (corruption) for you, being kind in assuming you want the new stuff (corrupted/swiped space).
Fenman,
This is not file content corruption, but name corruption of two kinds. One is a special case of an invalid character and the other is a special case of a reserved name. And not just file, but the name of subDirectory, which in MS_OS is different handling than simple name of file. In Unix, COM1 would really be a file. In MS_OS, it is not, but sometimes MS_OS thinks it is. So, when you try delete, should it attempt to delete the port? Or rename the port? IMO we deal here with an OS that has trouble making up its mind what to do. Hence, we go to EE for help.

But, we are also supposed to dance here on issue of not explaining too clearly. As a hacker dictionary I hit on today mentioned about the people who propagate, they are not all that versed in coding and rules as are hackers. There are some we don't want to help too too much. Yet I for one still prefer open communication, and availability of the information. The SysAdmin should have better info than the kid ditching classes.
oh, by elegance, I suppose a drag&drop 'move' to recycle canister, then an unemotional empty of trashcan would suffice. But,

errr, what is emoticon for embarrassedly pink and confused?

I succeeded in making a test directory with filenames containing that 'visible space' using <alt>255 in various combinations and subdirectory depth on an NT4 desktop, sp5. Each case, just scrolling around in Explorer, highlight any directory, press delete, it and all its subordinates disappear. Nothing special in technique to dump them. What am I missing? I tried again on Win2K desktop, then server. All disappear at the press of single key - delete, from windows with no help of DOS.
I succeeded in copying the filename to file then opened with the free hex editor above and saw the code 'A0'. Hmm!

from the EE link I gave above, dogztar recommended running Command and:
...
> "5. type REN <name of your directory>, then hold right-ALT key, and press 0255, then release ALT, then type a space, then type OK-name"

>"This will rename the directory/folder to "OK-name" which you can then change from F2 or right-click/Rename."
...

One thing I had missed was the difference that can be derived of a leading zero. (provides hex 'FF'). Using it to rename in windows displays a 'y' with dots above it. A few attempts at creating names, led to none I can fail to easily delete from explorer. But I did not use ftp directory or sharing or com1.

But there is another reason for my quote of dogztar reference. Note the location of the delimiter. Hmmm. Looks familiar. As in, the buffer.

I also wonder on whether improving the techniques for managing long filenames vs DOS' shortnames can help isolate and manage this 'issue'. (where one is 'bad', use the other)
> You don't need to rename the folder to delete it.

In this case, you do, since the directory-name
is "<C><O><M><1><blank><blank><blank><blank>",
where each <blank> is X'20' (an ASCII "blank"),
not some other hex-code.

If you try to delete the "un-renamed" folder, Windows complains "file not found".

> how do you cd a blank name?
try?:
cd " "
or?
cd "<alt>255"

> since the directory-name is

hmm, 4 blanks, no "~1" appendage...
I still would like some specific verification on length, # characters from cburns99n, so

cburns99n,
             when you are admin in an explorer window, select file(s) with mouse, right click, select rename, now

use cursor arrow keys to run up a count on the characters, both those you can see and those you cannot.
yes well sounds like someone unicoded your box hehe, sorry shouldn't laugh.
Normally the com1 dir's are COM1alt-0160
that should let u in; u are also going to have to search for the serv-u exe stashed as well as the kill.exe, the tftp.exe and that other telnet bit that they would have added somewhere in there, all in places they probably should not be

any decent divx?? ;)

even if u had anon axs allowed u will have to search for the 3rd party ftp daemon they might very well have added as it gets around the iis issue of disabling bounce and is the preferred choice for the pub maker; until u remove this u won't keep them from making liberal use of your bandwidth


the dirs are probably locked as well which will cause you hassles in deleting them but u can remove them with some mucking about, dir locking might also stop u from renaming ( not sure as its been a long time).

hope my vague response is of some help

One last bit, If they were beginners they might have been stupid n left the log active on their 3rd party daemon which might let u know who they r if u can match the root account logins with ips
> hope my vague response is of some help

Within Experts Exchange, it is considered impolite
to make a "vague" posting, and then claim it to be
an "answer", especially when other experts have
previously posted the same information.

> dirs are probably locked as well,
> which will cause you hassles in deleting them

It is easy to "unlock" -- just reboot your computer.
sorry, was meant as a comment, my apologies
<sigh> not so less vague than so many
I have tried all of the above attempts at deleting this directory with no luck.  It seems that some directories have no name (com1)  I have tried every trick I know with no luck.
Here's an extract from an IIS-log,
showing the uploading of one "warez" file:
---
#Software: Microsoft Internet Information Server 4.0
#Version: 1.0
#Date: 2001-06-16 00:00:04
#Fields:
date 2001-06-16
time 00:00:04
c-ip 213.113.121.170
cs-username yourname@yourcompany.com
s-ip 209.164.46.1
cs-method [19399]sent
cs-uri-stem /tmp+/~~TAGGED~~/~!@FOR+THE+TEAM+ONLY@!~/COM1+++/~STAY+OUT~/~/tpg2-dmn.r29+
cs-uri-query -
sc-status 226
sc-bytes 15360000
cs-bytes 0
time-taken 421797
cs-version FTP
cs(User-Agent) -
cs(Cookie) -
cs(Referer) -
------
Note that the HTTP-method uses '+' instead of a "blank",
and that the URL ends with a (substitute for) "blank".

Not "ALT-anything" -- just a "blank".
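A detector for the pattern in that log extract, added here as an example and not part of the original thread: it parses IIS W3C FTP log lines, decodes the '+' blanks in cs-uri-stem, and flags path components that are reserved device names (COM1, LPT1, PRN, ...), end in a blank or dot, or contain non-printable bytes. The log lines, addresses and filenames embedded in it are constructed to mirror the extract above.

```python
"""Flag FTP-log paths that abuse reserved device names or trailing blanks,
the warez-pub pattern in the IIS extract above.

Added example; the sample log below is constructed in IIS 4.0 W3C extended
format (one record per line). Addresses and file names are made up.
"""

# Names Windows treats as devices regardless of directory or extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"}
RESERVED |= {f"COM{i}" for i in range(1, 10)}
RESERVED |= {f"LPT{i}" for i in range(1, 10)}

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server 4.0
#Version: 1.0
#Date: 2001-06-16 00:00:04
#Fields: date time c-ip cs-username s-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs-bytes time-taken cs-version
2001-06-16 00:00:04 203.0.113.7 anonymous 192.0.2.1 [1]sent /pub/readme.txt - 226 1024 0 12 FTP
2001-06-16 00:00:09 203.0.113.7 anonymous 192.0.2.1 [2]created /tmp+/~~TAGGED~~/COM1+++/ - 257 0 0 3 FTP
2001-06-16 00:00:11 203.0.113.7 anonymous 192.0.2.1 [3]sent /tmp+/~~TAGGED~~/COM1+++/~STAY+OUT~/tpg2-dmn.r29+ - 226 15360000 0 421797 FTP
"""


def suspicious_segments(uri_stem):
    """Return (segment, reason) pairs for each path component that a Windows
    filesystem would treat as a device name or could not create normally."""
    path = uri_stem.replace("+", " ")  # IIS writes blanks in names as '+'
    findings = []
    for seg in path.split("/"):
        if not seg:
            continue
        # "COM1   " and "COM1.txt" both resolve to the device COM1
        base = seg.split(".", 1)[0].rstrip(" ").upper()
        if base in RESERVED:
            findings.append((seg, "reserved device name"))
        elif seg != seg.rstrip(" ."):
            findings.append((seg, "trailing blank or dot"))
        elif any(ord(ch) < 0x20 or ord(ch) > 0x7E for ch in seg):
            findings.append((seg, "non-printable or non-ASCII character"))
    return findings


def scan_log(text):
    """Walk a W3C extended log and report every suspicious path component,
    with the client address and time of the request that used it."""
    fields = []
    hits = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # field order is declared in the log
            continue
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        for seg, reason in suspicious_segments(rec.get("cs-uri-stem", "")):
            hits.append({"time": rec.get("time"), "c-ip": rec.get("c-ip"),
                         "segment": seg, "reason": reason})
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['time']} {h['c-ip']} {h['reason']}: {h['segment']!r}")
```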
How 'bout using a deltree equivalent?  The following (NT specific) batch does what the 9x deltree command
does using the same syntax (deltree DirName).

I created a blank directory which included many subdirectories (including blank ones) and files and
the following batch wipes them all out.  Like you, I got the actual name of the "blank" directory by
using "dir /x".


So using this batch, do:

deltree com1




rem  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  Deltree.BAT  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

@echo off
cls


rem  %1 is the directory to remove; for a "blank" name pass the 8.3 short name from dir /x
if /i %1$==$ goto :Missing
if not exist %1\. goto :NoDir


echo.
echo Are you sure you want to delete ALL the FILES within %1?
echo           ---------------------------------
echo    Press Any Key to Continue or CTL-Break to Abort
pause>nul

rem  delete every file (not directory) inside %1, as listed by dir /b /x
for /f "tokens=*" %%i in ('dir %1 /b /x /a-d') do del "%1\%%i"



echo.
echo.
echo Are you sure you want to remove all SUB-directories from %1 ?,
echo            ---------------------------------
echo    Press Any Key to Continue or CTL-Break to Abort
pause>nul

rem  remove each subdirectory tree under %1 without further prompting
for /f "tokens=*" %%a in ('dir %1 /b /x /ad') do rd /s /q "%1\%%a"


cls
echo.
echo                    Removing "%1"....
echo            ---------------------------------
echo    Press Any Key to Continue or CTL-Break to Abort
pause>nul
rd %1
cls
echo.
echo Complete !
goto end

:Missing
cls
echo.
echo.
echo Incorrect Syntax -- Use BatName (space) DirectoryName (i.e. Deltree Com1)
echo.
echo.
goto end


:NoDir
cls
echo.
echo.
echo Directory %1, does not Exist.
echo.
echo.

:end

rem  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  Deltree.BAT  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
> How about a DELTREE equivalent?

If you create the file named 'tpg2-dmn.r29+' (as above)
where '+' is exactly one "blank",
will your BAT file delete it?
>> will your BAT file delete it?

Yes.   I just tried it.  Of course this BAT is not the true equivalent of deltree command, but it's the same in the sense of deleting a file/directory tree.  
Have you tried using any of the NT Resource Kit Utils?  The rm.exe (Remove File - which is part of the Posix utils) is pretty powerful in removing directories.  This is found in I386\GNU\Posix folder.

I created a blank directory which included many directories and files and it removed it instantly.  Note, Posix commands are case sensitive.

Try:

rm -r com1    (the "r" switch is for removing a folder and its entire contents)
We are getting closer
Does not "del com1*" work ? or possibly del "com1*" ?
CrypToniC, I don't think so. Try creating a file or directory for com1. One problem with such files is the special character. Identifying the character can lead to a fix, but that may be only for Win9x or non-NT. With my NT+ boxes I can create and delete files with any character tried. So base assumption here, from my side, is that the relevance is that COM1 is now a reserved name. Thus you can no longer create or delete it. But M$ treats like file, not device (as a device it was com1: required extra finger for shift key, which was too difficult for people wanting it 'easy').

With vanilla NT the best I could do to create file was make a really long name like com1 followed by many blanks then a real character to keep OS from trimming. Still, it appended "~1" to the 8.3 old.short.name for char 7&8, and I was unable, in limited test, to rename it to something looking like the four letter word with blanks after it. I recall some options were available to handle the short name differently but not what they are (why have #1 if there are no duplicates like #2?). That may be one way to go after this bugger, long vs short names.

cburns99n, I assume this remains of interest to you, due to time elapsed and the (near) obvious cleanup of rebuilding whole server, and restoring from backup after handling restrictions. More like some of us who just want to know, so we can better respond the next time. There's also the 3rd party way to hack the name table on disk through a disk editor.

If you've the time, you could try some 3rd party freebie renaming and deleting utilities. There are an abundance, but I think they usually are geared for trees or backups or searches, with less wildcard potential. Newer ones more dependent on OS. I suspect an older utility would work better, one for older DOS where there were fewer built in filters.

Similarly for FTP. I tested a couple, newer ones, and they were even more constrained than NT with filters when it comes to naming or renaming. Hence an older ftp program might do the trick.

ASKER CERTIFIED SOLUTION
SunBow

(BTW: <heh> did CodeRed knock down internet last night and make the issue moot?)
Sunbow deserves the points
> did CodeRed knock down internet last night

Check the hour-by-hour chart at http://WWW.Incidents.Org

> Sunbow deserves the points

Use the "accept-comment-as-answer" to award the points to your choice of E-E experts.
Thanx, you may also appreciate recent web.news:

"Feds: Warez crackdown's just begun"
http://www.zdnet.com/zdnn/stories/news/0,4586,5100571,00.html?chkpt=zdnnt121201ts

"Software piracy rings cracked in two-year federal probe"
http://www.computerworld.com/storyba/0,4125,NAV47_STO66544,00.html
I think you forgot this question. Please grade the answer(s) given or ask back if there is more information needed. I will ask CS to close this question if there is no more feedback.

You promised The points to SunBow!

Please do not accept this comment as an answer!
======
Werner
Answer accepted by:

ComTech
Community Support Moderator