Hello,
This message was posted a few weeks ago.
(A hacker put files on my ftproot folder and I am not able to delete those files. 
Rights are okay)
I does NOT work for me.
Here is the FTP log file.
USER anonymous 331
PASS guest@ 230
MKD temporary 257
created eveCD2.r00 226
RNFR eveCD2.r00+./+/ 550
RNFR eveCD2.r00 350
RNTO eveCD2.r00+./+/ 250
RNFR eveCD2.r01+./+/ 550
How those commands work with W2K ?
Is there any software more intelligent thant Explorer?
Thanks for help.

Tip: Run a free scan for common Windows errors ad

re: Cannot delete file: Cannot read from the source file or disk Thursday, December 27, 2001 at 11:11 am Posted by Lazerus (284 messages posted) Try booting to safe mode and deleting them, make sure it's regular safe mode, and not with networking, and give it a shot. if that doesn't work, if the drive is in NTFS, get a linux boot disk, boot off of it, and delete the files that way, if it's fat32, boot of a 98 boot disk and delete the files there. Regards Lazerus On Thursday, December 27, 2001 at 8:40 am, Alex wrote: >Hello, >This message was posted a few weeks ago. >(A hacker put files on my ftproot folder and I am not able to delete those files. >Rights are okay) >I does NOT work for me. >Here is the FTP log file. >USER anonymous 331 >PASS guest@ 230 >MKD temporary 257 >created eveCD2.r00 226 >RNFR eveCD2.r00+./+/ 550 >RNFR eveCD2.r00 350 >RNTO eveCD2.r00+./+/ 250 >RNFR eveCD2.r01+./+/ 550 >How those commands work with W2K ? >Is there any software more intelligent thant Explorer? >Thanks for help. [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Friday, December 28, 2001 at 7:45 am Posted by Alex (2 messages posted) Hello, Thanks for replying. I worked on it the whole morning. I get rid of it by (I think) taking ownership of all the files and using the del *.* command. Thanks for help. [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Tuesday, January 29, 2002 at 1:39 pm Posted by David Fritzke (2 messages posted) Hello, Did this work we just had te same issue. They filled my Hard Disk with 14 GB of data. Thanks Dave Fritzke YMCA of Metropolitan Milwaukee On Friday, December 28, 2001 at 7:45 am, Alex wrote: >Hello, >Thanks for replying. >I worked on it the whole morning. >I get rid of it by (I think) taking ownership of all the files and using the del >*.* command. >Thanks for help. > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Wednesday, January 30, 2002 at 7:36 pm Posted by MattTheRatt (1 messages posted) David, They filled up my hard disk also, 15 gigs. I went to the command promp. (start/run "cmd") . Changed my directory to the ftproot directory, ("CD C:/inetpub/ftproot"). Then I entered "del *.* /f /s /q" This deleted all the files but left all the subfolders. I still can't get rid of my subfolders, but it did free up all the space. Hope this helps. On Tuesday, January 29, 2002 at 1:39 pm, David Fritzke wrote: >Hello, Did this work we just had te same issue. They filled my Hard Disk with 14 >GB of data. > >Thanks > >Dave Fritzke >YMCA of Metropolitan Milwaukee > > >On Friday, December 28, 2001 at 7:45 am, Alex wrote: > >Hello, >Thanks for replying. >I worked on it the whole morning. >I get rid of it by (I think) taking ownership of all the files and using the del >*.* command. >Thanks for help. > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Thursday, January 31, 2002 at 6:38 am Posted by David Fritzke (2 messages posted) Thanks Matt, We also were able to delet the data but not the directories. I will give you an update if I find one. On Wednesday, January 30, 2002 at 7:36 pm, MattTheRatt wrote: >David, > >They filled up my hard disk also, 15 gigs. I went to the command promp. (start/run >"cmd") . Changed my directory to the ftproot directory, ("CD C:/inetpub/ftproot"). > Then I entered "del *.* /f /s /q" > >This deleted all the files but left all the subfolders. I still can't get rid of >my subfolders, but it did free up all the space. > >Hope this helps. > > > > >On Tuesday, January 29, 2002 at 1:39 pm, David Fritzke wrote: >Hello, Did this work we just had te same issue. They filled my Hard Disk with 14 >GB of data. > >Thanks > >Dave Fritzke >YMCA of Metropolitan Milwaukee > > >On Friday, December 28, 2001 at 7:45 am, Alex wrote: > >Hello, >Thanks for replying. >I worked on it the whole morning. >I get rid of it by (I think) taking ownership of all the files and using the del >*.* command. >Thanks for help. > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Friday, February 1, 2002 at 11:34 pm Posted by Karl Fife (1 messages posted) Indeed I was hacked too. This thread gave me only HALF of the solution. The OTHER HALF goes like this: Levels upon levels of undeleteable garbage directories c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... First I issued a del *.* /f /s/q as suggested by someone on this thread. This command cascaded through the directories and deleted the files without prompting. BUT The empty directories were still there and they could not be deleted/renamed/copied/moved using windows explorer. Furthermore, the directory did not have a name in dos, so I could not even remove (rd) or change (cd) to the folder because I couldn't name it! Hundreds of levels and hundreds of items on each level. The solution was to issue a rd /s command from the parent directory. In my example: c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... and so on from the c:\inetpub\ directory I issued the command rd ftproot /s. Presto! If only I could issue a RH /P /AK command (remove hacker /permanent /with ass kicking) On Thursday, December 27, 2001 at 8:40 am, Alex wrote: >Hello, >This message was posted a few weeks ago. >(A hacker put files on my ftproot folder and I am not able to delete those files. >Rights are okay) >I does NOT work for me. >Here is the FTP log file. >USER anonymous 331 >PASS guest@ 230 >MKD temporary 257 >created eveCD2.r00 226 >RNFR eveCD2.r00+./+/ 550 >RNFR eveCD2.r00 350 >RNTO eveCD2.r00+./+/ 250 >RNFR eveCD2.r01+./+/ 550 >How those commands work with W2K ? >Is there any software more intelligent thant Explorer? >Thanks for help. [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Saturday, February 2, 2002 at 3:11 pm Posted by Mike (2 messages posted) I used the tips in this thread, and they worked great. But just how can a malicious uploader do all this? Is it a flaw in Windows? Mike On Friday, February 1, 2002 at 11:34 pm, Karl Fife wrote: >Indeed I was hacked too. This thread gave me only HALF of the solution. The OTHER >HALF goes like this: > >Levels upon levels of undeleteable garbage directories > >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... > >First I issued a del *.* /f /s/q as suggested by someone on this thread. This command >cascaded through the directories and deleted the files without prompting. > >BUT >The empty directories were still there and they could not be deleted/renamed/copied/moved >using windows explorer. Furthermore, the directory did not have a name in dos, so >I could not even remove (rd) or change (cd) to the folder because I couldn't name >it! Hundreds of levels and hundreds of items on each level. > >The solution was to issue a rd /s command from the parent directory. > >In my example: >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... and so on > >from the c:\inetpub\ directory I issued the command rd ftproot /s. >Presto! > >If only I could issue a RH /P /AK command >(remove hacker /permanent /with ass kicking) > > > >On Thursday, December 27, 2001 at 8:40 am, Alex wrote: > >Hello, >This message was posted a few weeks ago. >(A hacker put files on my ftproot folder and I am not able to delete those files. >Rights are okay) >I does NOT work for me. >Here is the FTP log file. >USER anonymous 331 >PASS guest@ 230 >MKD temporary 257 >created eveCD2.r00 226 >RNFR eveCD2.r00+./+/ 550 >RNFR eveCD2.r00 350 >RNTO eveCD2.r00+./+/ 250 >RNFR eveCD2.r01+./+/ 550 >How those commands work with W2K ? >Is there any software more intelligent thant Explorer? >Thanks for help. > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Tuesday, February 5, 2002 at 10:36 am Posted by John Manton (7 messages posted) I had the same thing happen to me in the last few days. I was able to delete the 345MB of files, but am still left with the weird directories. I don't understand how they were able to do this in the first palce. If anyone figures it out, PLEASE let us know. Thx On Saturday, February 2, 2002 at 3:11 pm, Mike wrote: >I used the tips in this thread, and they worked great. But just how can a malicious >uploader do all this? Is it a flaw in Windows? > > > >Mike > > >On Friday, February 1, 2002 at 11:34 pm, Karl Fife wrote: > >Indeed I was hacked too. This thread gave me only HALF of the solution. The OTHER >HALF goes like this: > >Levels upon levels of undeleteable garbage directories > >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... > >First I issued a del *.* /f /s/q as suggested by someone on this thread. This >command >cascaded through the directories and deleted the files without prompting. > >BUT >The empty directories were still there and they could not be deleted/renamed/copied/moved >using windows explorer. Furthermore, the directory did not have a name in dos, >so >I could not even remove (rd) or change (cd) to the folder because I couldn't name >it! Hundreds of levels and hundreds of items on each level. > >The solution was to issue a rd /s command from the parent directory. > >In my example: >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... and so on > >from the c:\inetpub\ directory I issued the command rd ftproot /s. >Presto! > >If only I could issue a RH /P /AK command >(remove hacker /permanent /with ass kicking) > > > >On Thursday, December 27, 2001 at 8:40 am, Alex wrote: > >Hello, >This message was posted a few weeks ago. >(A hacker put files on my ftproot folder and I am not able to delete those files. >Rights are okay) >I does NOT work for me. >Here is the FTP log file. >USER anonymous 331 >PASS guest@ 230 >MKD temporary 257 >created eveCD2.r00 226 >RNFR eveCD2.r00+./+/ 550 >RNFR eveCD2.r00 350 >RNTO eveCD2.r00+./+/ 250 >RNFR eveCD2.r01+./+/ 550 >How those commands work with W2K ? >Is there any software more intelligent thant Explorer? >Thanks for help. > > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Tuesday, February 5, 2002 at 12:23 pm Posted by David Prendergast (3 messages posted) This has been very valuable. I've had a similar incident. I've been able to remove some files and some directories. Still unable to do anything with the following two situations though: 1) a directory with a blank name; don't know how to refer to that when using the rd command; 2) directories with com names (com1 or whatever); these come up "Invalid directory" when trying to do *anything* I would appreciate any help that can be provided. - David On Tuesday, February 5, 2002 at 10:36 am, John Manton wrote: >I had the same thing happen to me in the last few days. I was able to delete the >345MB of files, but am still left with the weird directories. I don't understand >how they were able to do this in the first palce. If anyone figures it out, PLEASE >let us know. Thx > > >On Saturday, February 2, 2002 at 3:11 pm, Mike wrote: >I used the tips in this thread, and they worked great. But just how can a malicious >uploader do all this? Is it a flaw in Windows? > > > >Mike > > >On Friday, February 1, 2002 at 11:34 pm, Karl Fife wrote: > >Indeed I was hacked too. This thread gave me only HALF of the solution. The OTHER >HALF goes like this: > >Levels upon levels of undeleteable garbage directories > >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... > >First I issued a del *.* /f /s/q as suggested by someone on this thread. This >command >cascaded through the directories and deleted the files without prompting. > >BUT >The empty directories were still there and they could not be deleted/renamed/copied/moved >using windows explorer. Furthermore, the directory did not have a name in dos, >so >I could not even remove (rd) or change (cd) to the folder because I couldn't name >it! Hundreds of levels and hundreds of items on each level. > >The solution was to issue a rd /s command from the parent directory. > >In my example: >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... and so on > >from the c:\inetpub\ directory I issued the command rd ftproot /s. >Presto! > >If only I could issue a RH /P /AK command >(remove hacker /permanent /with ass kicking) > > > >On Thursday, December 27, 2001 at 8:40 am, Alex wrote: > >Hello, >This message was posted a few weeks ago. >(A hacker put files on my ftproot folder and I am not able to delete those files. >Rights are okay) >I does NOT work for me. >Here is the FTP log file. >USER anonymous 331 >PASS guest@ 230 >MKD temporary 257 >created eveCD2.r00 226 >RNFR eveCD2.r00+./+/ 550 >RNFR eveCD2.r00 350 >RNTO eveCD2.r00+./+/ 250 >RNFR eveCD2.r01+./+/ 550 >How those commands work with W2K ? >Is there any software more intelligent thant Explorer? >Thanks for help. > > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Tuesday, February 5, 2002 at 12:29 pm Posted by John Manton (7 messages posted) Ditto... got hacked also. Your fix took care of the weird folders. Thanks! Any idea on the methods they used? It sounds like a number of people started getting hacked like this in the past week or two. My hackers were located in France and Singapore. On Friday, February 1, 2002 at 11:34 pm, Karl Fife wrote: >Indeed I was hacked too. This thread gave me only HALF of the solution. The OTHER >HALF goes like this: > >Levels upon levels of undeleteable garbage directories > >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... > >First I issued a del *.* /f /s/q as suggested by someone on this thread. This command >cascaded through the directories and deleted the files without prompting. > >BUT >The empty directories were still there and they could not be deleted/renamed/copied/moved >using windows explorer. Furthermore, the directory did not have a name in dos, so >I could not even remove (rd) or change (cd) to the folder because I couldn't name >it! Hundreds of levels and hundreds of items on each level. > >The solution was to issue a rd /s command from the parent directory. > >In my example: >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... and so on > >from the c:\inetpub\ directory I issued the command rd ftproot /s. >Presto! > >If only I could issue a RH /P /AK command >(remove hacker /permanent /with ass kicking) > > > >On Thursday, December 27, 2001 at 8:40 am, Alex wrote: > >Hello, >This message was posted a few weeks ago. >(A hacker put files on my ftproot folder and I am not able to delete those files. >Rights are okay) >I does NOT work for me. >Here is the FTP log file. >USER anonymous 331 >PASS guest@ 230 >MKD temporary 257 >created eveCD2.r00 226 >RNFR eveCD2.r00+./+/ 550 >RNFR eveCD2.r00 350 >RNTO eveCD2.r00+./+/ 250 >RNFR eveCD2.r01+./+/ 550 >How those commands work with W2K ? >Is there any software more intelligent thant Explorer? >Thanks for help. > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Tuesday, February 5, 2002 at 1:24 pm Posted by David Prendergast (3 messages posted) OK, found a solution to the remaining issues. Here's a link: http://www1.dshield.org/pipermail/dshield/2001-September/001447.html Basically, the dir/x command allowed me to realize that I could use the old DOS convention (~) symbol to remove these directories. On Tuesday, February 5, 2002 at 12:23 pm, David Prendergast wrote: >This has been very valuable. I've had a similar incident. I've been able to remove >some files and some directories. Still unable to do anything with the following >two situations though: > >1) a directory with a blank name; don't know how to refer to that when using the >rd command; > >2) directories with com names (com1 or whatever); these come up "Invalid directory" >when trying to do *anything* > >I would appreciate any help that can be provided. > >- David > > >On Tuesday, February 5, 2002 at 10:36 am, John Manton wrote: >I had the same thing happen to me in the last few days. I was able to delete the >345MB of files, but am still left with the weird directories. I don't understand >how they were able to do this in the first palce. If anyone figures it out, PLEASE >let us know. Thx > > >On Saturday, February 2, 2002 at 3:11 pm, Mike wrote: >I used the tips in this thread, and they worked great. But just how can a malicious > >uploader do all this? Is it a flaw in Windows? > > > >Mike > > >On Friday, February 1, 2002 at 11:34 pm, Karl Fife wrote: > >Indeed I was hacked too. This thread gave me only HALF of the solution. The OTHER >HALF goes like this: > >Levels upon levels of undeleteable garbage directories > >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... > >First I issued a del *.* /f /s/q as suggested by someone on this thread. This >command >cascaded through the directories and deleted the files without prompting. > >BUT >The empty directories were still there and they could not be deleted/renamed/copied/moved >using windows explorer. Furthermore, the directory did not have a name in dos, >so >I could not even remove (rd) or change (cd) to the folder because I couldn't name >it! Hundreds of levels and hundreds of items on each level. > >The solution was to issue a rd /s command from the parent directory. > >In my example: >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... and so on > >from the c:\inetpub\ directory I issued the command rd ftproot /s. >Presto! > >If only I could issue a RH /P /AK command >(remove hacker /permanent /with ass kicking) > > > >On Thursday, December 27, 2001 at 8:40 am, Alex wrote: > >Hello, >This message was posted a few weeks ago. >(A hacker put files on my ftproot folder and I am not able to delete those files. >Rights are okay) >I does NOT work for me. >Here is the FTP log file. >USER anonymous 331 >PASS guest@ 230 >MKD temporary 257 >created eveCD2.r00 226 >RNFR eveCD2.r00+./+/ 550 >RNFR eveCD2.r00 350 >RNTO eveCD2.r00+./+/ 250 >RNFR eveCD2.r01+./+/ 550 >How those commands work with W2K ? >Is there any software more intelligent thant Explorer? >Thanks for help. > > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Tuesday, February 19, 2002 at 7:39 am Posted by drew (1 messages posted) That link has great information. Using it, I was able to delete what NTFS/Explorer couldn't. However, unlike everyone else who has posted on this topic, my situation did not involve hackers, but rather software on my computer. I'm using a Canon DZ 3600U Document Camera to prepare slides of print materials for use in instryuctional presentations. So far I cannot pinpoint one necessary factor, but when I am exporting jpgs from the program, it occasionally creates these files and directories that I cannot delete. I will be making a couple hundred slides over the next few months, so in my case the solution given above is only a slight mitigation of the continuing annoyance. Thanks for freely sharing information! On Tuesday, February 5, 2002 at 1:24 pm, David Prendergast wrote: >OK, found a solution to the remaining issues. Here's a link: http://www1.dshield.org/pipermail/dshield/2001-September/001447.html > >Basically, the dir/x command allowed me to realize that I could use the old DOS convention >(~) symbol to remove these directories. [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Thursday, February 21, 2002 at 4:44 pm Posted by Krod (1 messages posted) To answer everyones questions here, I have tested and done a great deal of work on this, since there is NO documentation on the internet, here is how to create and remove these 'rogue' file/directory names! How people 'hackers'(no skill involved) create these files. Due to some GREAT MS file system setup(POSIX), files with names beginning with com, aux, prn, con, nul, cannot be read under a 32-bit OS as they obviously refer to printing and comm devices, therefore the machine gets confused with these names, BUT some programs are not aware of these, such as, FTP, also, this is not checked when using a UNC connection, ie: Using UNC mkdir \\targetmachine\c$\com - this will create an undeletable file. In order to make it worse: ren \\targetmachine\c$\com1 - undeletable! and, you, as the creator, cannot rename it either! WOW! Using FTP log on as anonymous. mkdir com - as above ren com com1 - as above!!! Poor administrator cannot delete this file :( So, in order to delete, you will have to rename. As some people have said, doing a dir /x will show you various bits like perhaps 8.3 notation(eg: com1~002), wrong, it DOES NOT WORK! dir /x will give you NOTHING. so, solution is a) You have to log onto the affected machine LOCALLY. b) ren \\.\c:\com1 file c) rmdir file DONE! If this doesn't work for someone, please let me know! krod007@hushmail.com On Thursday, January 31, 2002 at 6:38 am, David Fritzke wrote: >Thanks Matt, > >We also were able to delet the data but not the directories. I will give you an >update if I find one. > > >On Wednesday, January 30, 2002 at 7:36 pm, MattTheRatt wrote: >David, > >They filled up my hard disk also, 15 gigs. I went to the command promp. (start/run >"cmd") . Changed my directory to the ftproot directory, ("CD C:/inetpub/ftproot"). > Then I entered "del *.* /f /s /q" > >This deleted all the files but left all the subfolders. I still can't get rid of >my subfolders, but it did free up all the space. > >Hope this helps. > > > > >On Tuesday, January 29, 2002 at 1:39 pm, David Fritzke wrote: >Hello, Did this work we just had te same issue. They filled my Hard Disk with 14 > >GB of data. > >Thanks > >Dave Fritzke >YMCA of Metropolitan Milwaukee > > >On Friday, December 28, 2001 at 7:45 am, Alex wrote: > >Hello, >Thanks for replying. >I worked on it the whole morning. >I get rid of it by (I think) taking ownership of all the files and using the del >*.* command. >Thanks for help. > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Sunday, March 3, 2002 at 4:46 am Posted by StarLine (1 messages posted) So the problem I had was, a folder named "P.O.D. " Notice the space at the end of the directory. Explorere was being stubborn and not letting me rename becuase it didnt know what to clasify this entry as. dir /x /p /w gave me the Old School dos short name POD~1 F:\>del POD~1 (removed all the sub-directories) F:\POD~1\*, Are you sure (Y/N)? y F:\>rd POD~1 (removed the directory it's self) F:\> Thanks to the person who posted the last entry :-D On Tuesday, February 19, 2002 at 7:39 am, drew wrote: >That link has great information. Using it, I was able to delete what NTFS/Explorer >couldn't. >However, unlike everyone else who has posted on this topic, my situation did not >involve hackers, but rather software on my computer. I'm using a Canon DZ 3600U >Document Camera to prepare slides of print materials for use in instryuctional presentations. > So far I cannot pinpoint one necessary factor, but when I am exporting jpgs from >the program, it occasionally creates these files and directories that I cannot delete. >I will be making a couple hundred slides over the next few months, so in my case >the solution given above is only a slight mitigation of the continuing annoyance. > >Thanks for freely sharing information! > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Monday, March 4, 2002 at 3:18 pm Posted by Matt C. (1 messages posted) Mine were from Germany. Bastards. Turns out they were turning my machine into a warez server, with lots o' movies and porn. Yuck. Upon seeing these files, I bought and installed ZoneAlarm Pro. Now, I run Win2k Server, and serve webpages. Thus, I have IIS running. My sites still served fine. Then, as if almost randomly, ZoneAlarm asks me (way after install) if I would allow IIS to have server rights. Thinking nothing of it, I clicked "yes". Suddenly, my bandwidth maxed out, and IIS was downloading files like mad! Turns out they were more of the warez files from whomever! I quickly took away server rights to IIS (bearing in mind it can still serve pages without ZoneAlarm Server rights), and used the helpful hints in this thread to delete the files. Now, to install Norton AV... :/ On Tuesday, February 5, 2002 at 12:29 pm, John Manton wrote: >Ditto... got hacked also. Your fix took care of the weird folders. Thanks! Any >idea on the methods they used? It sounds like a number of people started getting >hacked like this in the past week or two. My hackers were located in France and >Singapore. > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Sunday, March 17, 2002 at 8:22 pm Posted by Guido Govers (1 messages posted) Actually dir /x did give me something 03/17/2002 07:59p . 03/17/2002 07:59p .. 03/17/2002 07:59p 0200~1 This is the listing that i got and i was able to rename it by typing: ren 0200~1 blabla And after that i was able to remove it. I must admit that i also fooled around with some of the security stuff and i had an entry under the advanced tab somewhere prohibiting it from being deleted. You might have to kill that first but havent tested that. Thanx a lot for steering me in the right direction. All of you hackers.. Grow up and buy your own harddrive. They arent that expensive anymore. If you dont have money.. how about getting a job instead of wasting time with hacking other peoples property. Thank you. [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Saturday, September 13, 2003 at 11:34 am Posted by Roch Burton (1 messages posted) Thanks a lot, I spent so much time trying to remove those directories. And I agree with remove hacker /permanent /with ass kicking On Friday, February 1, 2002 at 11:34 pm, Karl Fife wrote: >Indeed I was hacked too. This thread gave me only HALF of the solution. The OTHER >HALF goes like this: > >Levels upon levels of undeleteable garbage directories > >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... > >First I issued a del *.* /f /s/q as suggested by someone on this thread. This command >cascaded through the directories and deleted the files without prompting. > >BUT >The empty directories were still there and they could not be deleted/renamed/copied/moved >using windows explorer. Furthermore, the directory did not have a name in dos, so >I could not even remove (rd) or change (cd) to the folder because I couldn't name >it! Hundreds of levels and hundreds of items on each level. > >The solution was to issue a rd /s command from the parent directory. > >In my example: >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... and so on > >from the c:\inetpub\ directory I issued the command rd ftproot /s. >Presto! > >If only I could issue a RH /P /AK command >(remove hacker /permanent /with ass kicking) > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Sunday, September 21, 2003 at 8:13 pm Posted by Matt Darnell (1 messages posted) For some reason the DIR /X does not work for me. The directory I am stuck on is called "con". If I do DIR /X it simply reads "con" What is interesting is that if I type DIR /X con I get the following output: Directory of \\. File not Found Anyone have any ideas? -Matt On Thursday, December 27, 2001 at 8:40 am, Alex wrote: >Hello, >This message was posted a few weeks ago. >(A hacker put files on my ftproot folder and I am not able to delete those files. >Rights are okay) >I does NOT work for me. >Here is the FTP log file. >USER anonymous 331 >PASS guest@ 230 >MKD temporary 257 >created eveCD2.r00 226 >RNFR eveCD2.r00+./+/ 550 >RNFR eveCD2.r00 350 >RNTO eveCD2.r00+./+/ 250 >RNFR eveCD2.r01+./+/ 550 >How those commands work with W2K ? >Is there any software more intelligent thant Explorer? >Thanks for help. [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Thursday, October 2, 2003 at 4:30 am Posted by Roman (3 messages posted) This worked on xp as well. Still having a problem with getting rid of the offending directory and files in the Recycle Bin (same error message). Tried various searches of the hard drive but the only place these are visible is in rec bin - looks like xp is aliasing this somehow so is only visible through win explorer in the Recycle Bin. On Saturday, September 13, 2003 at 11:34 am, Roch Burton wrote: > >Thanks a lot, I spent so much time trying to remove those directories. > >And I agree with >remove hacker /permanent /with ass kicking > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Tuesday, October 21, 2003 at 9:26 pm Posted by csutton7 (1 messages posted) dir /x is doing it's job. that's the real name of the directory. It's windows that's keeping you from deleting it. The dos command thinks it's smarter than you are. To outsmart it you have to type this string "ren \\.\c:\inetpub\ftproot\con tst" (leave out the quotes and put in your path to the con DIR) this will rename the directory to tst which you can then delete. Hope this helps. On Sunday, September 21, 2003 at 8:13 pm, Matt Darnell wrote: >For some reason the DIR /X does not work for me. The directory I am stuck on is >called "con". If I do DIR /X it simply reads "con" > >What is interesting is that if I type DIR /X con I get the following output: > >Directory of \\. >File not Found > >Anyone have any ideas? > >-Matt > > > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Saturday, February 7, 2004 at 8:32 am Posted by Richard Novell (2 messages posted) You are all making the fix too hard!! all you need to do is: First make sure that you have "full" administrators authority on the "FTP" folder. Right click on the folder, then under the security tab make sure that "aministrator" has full authority, i.e. all box have check mark in them. Once this is done, you have to make sure that each subfolder has full authority "administraor" rights. if the "offending folder" does have complete and full "administrator" rights, you will be able to delete the folder Richard Novell [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Saturday, February 7, 2004 at 8:44 am Posted by Richard Novell (2 messages posted) You are all making the fix too hard!! all you need to do is: First make sure that you have "full" administrators authority on the "FTP" folder. Right click on the folder, then under the security tab make sure that "aministrator" has full authority, i.e. all box have check mark in them. Once this is done, you have to make sure that each subfolder has full authority "administraor" rights. if the "offending folder" does have complete and full "administrator" rights, you will be able to delete the folder Richard Novell [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Saturday, March 13, 2004 at 4:49 am Posted by T. Hill (1 messages posted) Say, my story is about ditto of almost all the rest, but however this was an invited situation for the most part as I will explain. As being an Admin, I guess we all study as much as we can from time to time, that is when were not busy with other things. :-) SO the Story goes as this, I have a small medium sized 2k/ Server, running all the latest IIS 5.x and tools, your basic 2k box, hosting a test web site behind a DMZ, also a Test FTP site as well as a remote Term box. It Physically sits 3 feet from my workstation in my server closet next to my DC, “Domain Controller”, they are a pair I built in the spring of 99, and are both 500 MHz boxes with all the goodies of the time, “decent servers so to speak”. Now my DC, is running NT 4.x locked down like FT. KNOX x 3, so I have been told.  TO make the point, that not a single patch , configuration change or anything besides tossing backup files to and fro in my archive drive on it along with remote sessions to change security one in a while or maybe test something from that box remotely, as it is headless, “no monitor/ keyboard, etc”. just a power wire and a single NIC, with a cable to my internal LAN. It’s withstood anything the world had thrown at it, on it’s proxy side, from any virus / intrusion attempts etc since 01/06/99… It’s been up 24-7 365, I have faith in NT 4.x for stability and security, as it’s my DC, it’s responsible for my security also. I also run 2k3/ server Enterprise , 2k/servers mostly you might say I am a 2k guy, I like it and it’s very stable also… 2k3 platform is mostly my DEV , PLATFORM for .net and .aspx SQL /etc… Now in this test, we left an open 2k box sitting behind a test DMZ, just for sniffers to come along and play, and surely enough sooner or later they began dropping in, and making attempts to test the waters… As you would expect there were attempts to gain as much control as they could, but really it was most interesting in documenting this also, once they had used the commands I have read about in this thread in many of the other dumps of logs, I also recognized these my self as hacking attempts in my own logs previously. One idea was to allow them to deposit their files and then remove their rights to cover their trail, which they had been doing regularly, so in one test I had been on the server while they were doing their dirty work and I had just changed the permissions on the root subfolder I had the ftp share in. So I watched as they x-fered their junk to the share, then as the log files always showed they would then have another machine logon to quickly retrieve the data, then after downloading it they would delete it… Now it was a bit disturbing to me to initially notice that they had that much control, but again I had given them full read write and change permissions… So after allowing them to deposit I then unplugged the cable, they go the typical error for trying to connect I am sure, but I quickly stopped the service and then applied the changes to the shares and then again restarted the service and ftp server. The had downloaded then tried to delete the files, and could not, so basically one over on them.. :-) Now what were they going to do , this had been a regular playground for a couple weeks for them, but their evidence was in the log files and also I had scanned one of their boxes in the process. Now one would think that a hacker of this level would be smart enough to at least deny ICMP pings and most any other thing of that sort… And most do, but this one wise guy, no he was wide open , he even had his TSClient 32 up and facing the WAN side of his machine, I attempted to logon to see if I could get any info… It was an XP/ Pro box in Amsterdam, my trusty scanner, picked up his MAC, address, and every service running on his box, also his net bios name and logon account etc… SO in this case, I then traced the route info, dumped it to a capture, tracked down his IP to his ISP, and advised the response tech at that end of the situation and forwarded the info to the ISP. Now Really the object would be to say exchange the files they are illegally using my host to transfer on, with something that will actually render their machine useless when they get them on their hard drive and attempt to re assemble these ripped DVD parcels.… I have been reading, and there are things that can be done, but since hackers also may read this post , well I will not disclose any real details, as there is much of the above fore mentioned fun to be had, I like the one guys explanation of the “remove HACKER / Permanently / With Major Ass Kicking”, :-) But not physically as these are only children, no actually to render their boxes to have to be flattened and rebuilt as some of the poor victims of their pranks have to do. So basically, this box is expendable, and reloaded in about 45- 70 minutes depending on configuration. I am at no loss, but however I am determined to find a resolve for the above fore mentioned issue, at which I also had taken some of the approaches earlier on, the “dir /x” the “rd \\. \inetpub\ftproot\ [ suspect folder ]” in a means to get rid of them also. And this was after my traditional knowledge had failed to solve my issue of these unwanted and basically un touchable folders… I consider my self fairly familiar with a NT4 / 2000 infrastructure, and will make no statement of being a pro by any means… but in finding that our hacker friends had obtained so much control began to bother me also. So I had already worked with any and all permissions of the NTFS, now no where have I heard anyone speak of using “CACLS” from the safe mode command prompt ??? This is a utility from the command prompt that allows you to change permissions and work with permissions on files from DOS level. I will try this in combination with a few other ideas I have and get back to you all to let you know what my results are, as the last post I read here, that MR. Richard Novell, had advised to just use the Explorer interface and just use the Security TAB in Advanced properties… ??? Yes this is standard practice, and I am sure that anyone here had already tried that, and that’s why they eventually ended up searching this thread out in their browsers to hopefully explain how to possibly get rid of this issue. Now for some of you, I see this worked, and I am happy for you also, as you probably had production servers and hated to think of having to flatten you boxes to get rid of them also. But in this case, it did not work… I agree with one aspect of the idea that NTFS might not be sure how to deal with these folders in explorer, but really when using the command prompt and 8.3 format it should not be an issue. The possibility that these file names might be implementing the special characters thus we now might have another issue all together. For now we are working on it, and I also think that since this is some time later than the last known post of a real issue that these hackers might be using another scheme in addition. SO if anyone has any more ideas , please let us know, as I will also post any info I find out here as we go… Our goal is to successfully remove these folders, in order to be sure that this is a full solution in the future, as well as address this known issue. As none of the posted information has worked thus far. I could have flattened the box and reloaded it faster than researching this article and post, but mainly as an Admin, my goal is not to turn from these issues and walk away, we truly need to get to the bottom of this… Because out there right now is some Administrator that will be pulling their hair out on a production server for no good reason if we can’t find a Resolution. Good luck and I shall check back, T. Hill And to any hackers reading this: Note this, “With ISA 2004 and SMS” your days are going to be long and hard, and with the current DEV team at “M” working very hard on addressing the latest infrastructure Security, your days are numbered, rest assured on that… On Saturday, February 7, 2004 at 8:44 am, Richard Novell wrote: >You are all making the fix too hard!! all you need to do is: First make sure that >you have "full" administrators authority on the "FTP" folder. Right click on the >folder, then under the security tab make sure that "aministrator" has full authority, >i.e. all box have check mark in them. Once this is done, you have to make sure that >each subfolder has full authority "administraor" rights. if the "offending folder" >does have complete and full "administrator" rights, you will be able to delete the >folder Richard Novell > [Reply or follow-up to this message] The SIMPLE Answer Friday, March 19, 2004 at 4:35 am Posted by Producer (1 messages posted) Get what you need out of your FTP directory RmDir \\.\C:\YourFTP_ROOT's_PATH /s /q Create your directory again [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Sunday, June 20, 2004 at 7:22 pm Posted by Alex R (1 messages posted) thank you very much, your tip helped me with same problem, it was causing backup errors for a very long time. On Friday, February 1, 2002 at 11:34 pm, Karl Fife wrote: > >Indeed I was hacked too. This thread gave me only HALF of the solution. The OTHER >HALF goes like this: > >Levels upon levels of undeleteable garbage directories > >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... > >First I issued a del *.* /f /s/q as suggested by someone on this thread. This command >cascaded through the directories and deleted the files without prompting. > >BUT >The empty directories were still there and they could not be deleted/renamed/copied/moved >using windows explorer. Furthermore, the directory did not have a name in dos, so >I could not even remove (rd) or change (cd) to the folder because I couldn't name >it! Hundreds of levels and hundreds of items on each level. > >The solution was to issue a rd /s command from the parent directory. > >In my example: >c:\inetpub\ftproot\[noname]\fbjc;;;;\fbjx;;;;\... and so on > >from the c:\inetpub\ directory I issued the command rd ftproot /s. >Presto! > >If only I could issue a RH /P /AK command >(remove hacker /permanent /with ass kicking) > > [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Tuesday, June 22, 2004 at 2:31 pm Posted by Wayne Harrington (6 messages posted) Regarding the issue being discussed is my problem related? In my documents I created a new folder named "Editing". Later I decided to rename it, but got a message saying access is denied? I have also tried to move the folder and even delete it, but can't? I get this kind of message: Cannot rename: Cannot read from the source file or disk? When I look at its properties nothing is listed, not file type? [Reply or follow-up to this message] re: Cannot delete file: Cannot read from the source file or disk Sunday, March 6, 2005 at 3:51 pm Posted by ERICA (1 messages posted) Delete all temporary files - even though some of these may not be named anything close to the program that you are having problems with the problem maybe within one of these files. Hope this helps! [Reply or follow-up to this message] re: The SIMPLE Answer Sunday, March 30, 2008 at 11:56 am Posted by zendoren (1 messages posted) "build a better mouse trap....." im having some issues with all of guys solutions. specificaly this one. bellow is the a copy from my com prompt. --------------------------- C:\Inetpub\ftproot>cd\ C:\>RmDir \\.\C:\inetpub\ftproot /s /q \\.\C:\inetpub\ftproot\ - The directory is not empty. C:\> ----------- pain in the butt.... any suggestions!?!? On Friday, March 19, 2004 at 4:35 am, Producer wrote: >Get what you need out of your FTP directory > >RmDir \\.\C:\YourFTP_ROOT's_PATH /s /q > >Create your directory again [Reply or follow-up to this message] Tip: Use one of the [Reply or follow-up to this message] links above to add a message to this thread Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows 2000 Discussion Forum