You want a free short-media T-Shirt? Help me out with this one....


primesuspect
28 Apr 2004, 09:40pm
Free short-media T-Shirt to the first person who can tell me how to successfully delete folders tagged by FXP on a Windows 2000 NTFS share, without buying any software.

I've tried:

takeown
posix tools (installing cygwin and using RM)
permissions editing
custom written batch files that recursively take ownership of every single file in a directory

nothing has worked so far. There is a guy who sells a $40 piece of software that CLAIMS it can do the job (jrtwine software or something like that) but I'm not gonna pay some dude $40 for software that I'm not sure will work or not.

Anybody?

Tropical
28 Apr 2004, 09:54pm
sorry for my newbieness but what's fxp?

Gobbles
28 Apr 2004, 09:59pm
free edition of that software has delete capabilities...

or are you needing the recursive function...

Gobbles

Cyclonite
28 Apr 2004, 10:00pm
D'ya try this? http://www.jrtwine.com/Products/DelFXPFiles/DeleteFXPFilesInstall.zip

Gobbles
28 Apr 2004, 10:11pm
also what FTP server software are you using master Prime?

Gobbles

MediaMan
28 Apr 2004, 10:11pm
Open a Command Prompt window and leave it open.

Close all open programs.

You now need to close EXPLORER.EXE. The proper way to shutdown Explorer is to raise the "Shut Down Windows" dialog (select "Shut Down..." from the start menu), hold down CTRL+SHIFT+ALT and press the CANCEL button. Explorer will exit cleanly.

Note: The <CTRL+ALT+DEL> at the 'Shut Down Windows' dialog method of closing Explorer is built into Explorer. (It was specifically designed so that developers writing Shell Extensions could get Explorer to release their Shell Extension DLLs while debugging them).

Go back to the Command Prompt window and change to the directory where the undeletable file is located. At the command prompt type DEL <filename> where <filename> is the file you wish to delete.

Go back to Task Manager, click File, New Task and enter EXPLORER.EXE to restart the GUI shell.

Close Task Manager.


Or try this

http://yafc.sourceforge.net/manual/fxp.php


That's my gue...errr...extensive knowledge.

primesuspect
28 Apr 2004, 10:13pm
> D'ya try this? http://www.jrtwine.com/Products/DelFXPFiles/DeleteFXPFilesInstall.zip

> nothing has worked so far. There is a guy who sells a $40 piece of software that CLAIMS it can do the job (jrtwine software or something like that) but I'm not gonna pay some dude $40 for software that I'm not sure will work or not.

He claims it has undelete, but only for single files, which is useless, since there are about 500-1000 recursive directories underneath the top level.

FXP is a script-kiddie thing. They scan for open, anonymous FTP servers and "tag" them by creating folder names with illegal characters in them. Once a folder is tagged, it cannot be deleted, but can be found by other FlashFXP users. It's used for illegal file sharing (Warez and movies, generally).

MediaMan
28 Apr 2004, 10:19pm
I'm going to throw this into the pile too.

http://www.megasecurity.org/trojans/w/wineggdrop/Wineggdropshell_eternity.html

This is a built-in ftpd, which supports both Pasv and Port modes, supports most basic operations such as delete, create, download, upload, rename, and fxp is also supported.

KingFish
28 Apr 2004, 10:20pm
That's pretty crafty. Damn, they can't be deleted eh? How about trying norton antivirus using the wipe function.... You may be way ahead of me on this though, just the first thing that popped in my two brain cells still active today.

KingFish

primesuspect
28 Apr 2004, 10:26pm
MediaMan: Thanks for the attempt, I've never tried that method, but it didn't work... I'm sure that method would work for a single file, but this is an entire tree of 1000's of folders.

Here's a screenie of this attempt:

289Mustang
28 Apr 2004, 10:28pm
I'd use fdisk, that would get rid of it :)

Tropical
28 Apr 2004, 10:30pm
maybe you already tried this but here is the link:

POSIX commands (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q120716)

it's a bunch of commands from microsoft that might help

MediaMan
28 Apr 2004, 10:48pm
Another attempt.

Open a command prompt, hit ctrl-alt-delete, find explorer.exe in the processes tab, and kill it. Close the task manager, and go to your command prompt. Navigate to the directory containing the little garbage files, and start deleting them. If you use "rd dirname /s /q" you will be able to get some of them right off.

If you can't delete them that way, try listing the contents by doing "dir /x" which will list the 8 char names for the directories, use those names to delete more of them. Remember that the /s switch is for recursive, and the /q switch keeps it from asking permission each time. This method will help get rid of directories with bad names, or illegal characters in them.

If you are left with a few directories, chances are they have names like 'aux' or 'com1' or 'com2' or something. In that case, windows is not letting you delete them because those are reserved words. You can bypass reserved word checking by using the following syntax with the del or 'rd' commands: "rd \\.\driveletter:\directory" For example "rd \\.\d:\ftpshare\com1\" got rid of the com1 directory that was causing trouble.


or here

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q120716
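
Added example (not part of the thread, and not any poster's code): a Python audit pass over a directory listing that flags the name classes MediaMan's post describes, so the problem directories can be located before trying `rd`. The paths in `SAMPLE` are constructed and the function names are this example's own; the reserved-name list and the trailing dot/space rule are standard Win32 naming rules rather than something stated in the thread, and the `\\.\` prefix is the syntax quoted in the post.

```python
"""Flag path components that Win32 tools mishandle (constructed sample data)."""

# Win32 reserved device names; also reserved when followed by an extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}
# Characters Win32 rejects inside a single name, plus control characters.
ILLEGAL = set('<>:"/|?*') | {chr(c) for c in range(32)}


def classify(name):
    """Return the reasons a single file or directory name is a problem."""
    reasons = []
    # "aux", "AUX.txt" and "com1 " all resolve to the device, so compare the stem.
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in RESERVED:
        reasons.append("reserved device name")
    # Win32 path normalisation silently strips trailing dots and spaces.
    if name != name.rstrip(". "):
        reasons.append("trailing dot or space")
    if any(ch in ILLEGAL for ch in name):
        reasons.append("illegal character")
    return reasons


def device_path(path):
    r"""Prefix a drive path with \\.\ (the form quoted in the post)."""
    return "\\\\.\\" + path


def audit(paths):
    """Map each offending path prefix to (reasons, rd target or None)."""
    findings = {}
    for path in paths:
        drive, *parts = path.split("\\")
        for depth, name in enumerate(parts):
            reasons = classify(name)
            if not reasons:
                continue
            upto = "\\".join([drive, *parts[: depth + 1]])
            # The post only claims the prefix helps for reserved names.
            target = device_path(upto) if "reserved device name" in reasons else None
            findings.setdefault(upto, (reasons, target))
    return findings


# Constructed listing of an FTP root, one full path per entry.
SAMPLE = [
    r"d:\ftpshare\incoming\readme.txt",
    r"d:\ftpshare\com1",
    r"d:\ftpshare\pub\tagged \aux\data",
    r"d:\ftpshare\pub\tagged \notes.",
]

if __name__ == "__main__":
    for path, (reasons, target) in audit(SAMPLE).items():
        hint = f" -> rd {target}" if target else ""
        print(f"{path!r}: {', '.join(reasons)}{hint}")
```

Each offending directory is reported once at the shallowest level where the bad name appears, which is the level a recursive delete has to start from.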

topherice
28 Apr 2004, 11:46pm
Prime, go download yourself a copy of Knoppix STD (Security Tools Distribution). It's a Live CD linux distro. that'll totally bypass NTFS permissions and everything else. And it boots and runs from the CD. Give it a shot.
http://www.knoppix-std.org/

primesuspect
28 Apr 2004, 11:50pm
Okay:

1) Mediaman: Tried all those things. No go.

2) Tropical: I have a full cygwin installation on the box, and have the full gamut of posix tools. No go.

3) Topherice: The machine is in Washington DC, and I'm in Detroit. :-/ I could have someone put a knoppix disk in the thing, but I wouldn't be able to log in remotely without explaining all kinds of things to the non-tech-savvy person on the other end. I am attempting to do all of this remotely.

4) 289Mustang.. See #3 - reinstall is not an option right now.

Black Hawk
28 Apr 2004, 11:57pm
If the bandwidth is there you could always have the person get the image of the knoppix disc, you install VMWare and run it with the image and see if you can delete the file from within VMWare. :crazy:

Enverex
29 Apr 2004, 12:15am
I fixed something like this before... it required referring to the folders directly, not by Windows names, i.e. Drive1//Partition1/Disk1/blah along those lines. What I just said isn't going to be of any use without further information, but I can't think what it is right now :(

Black Hawk
29 Apr 2004, 12:17am
You could also try this (http://www.sysinternals.com/ntw2k/freeware/ntfsdos.shtml).

primesuspect
29 Apr 2004, 01:18am
> I fixed something like this before... it required referring to the folders directly, not by Windows names, i.e. Drive1//Partition1/Disk1/blah along those lines. What I just said isn't going to be of any use without further information, but I can't think what it is right now :(

I'm pretty sure I tried that one too.

VoE: NTFSDOS is a program that I have to purchase. I can't justify spending the money (and neither can my client) for just one folder.

shwaip
29 Apr 2004, 02:05am
I dunno if this'll work, but apparently it's an alternative file manager that'll run in win2k. may work, may not.

http://macarlo.com/freefilemanager2001.htm

madmat
29 Apr 2004, 05:54am
Ugh, I had a tool that allowed you to shred a file whether it was in use or not, it overrode Windows' little snit about doing just that and zapped it anyways, I wish I could remember the name of it...and the nice thing was it was free for 30 days and fully functional too, it would even shred a full folder and it incorporated itself into the shell so it was just a right click away.

Gobbles
29 Apr 2004, 08:03am
prime sounds like you're gonna have to boot it from cd and get into recovery console, you should be able to delete it there...

Gobbles

KingFish
29 Apr 2004, 08:07am
Is boxing it up and him mailing it to you an option prime?

KingFish

Enverex
29 Apr 2004, 08:52am
> Well this won't work because of the system's location, so this is just my curiosity, or a stupid question possibly. Could this whole problem be solved by a boot disk and some DOS commands, or am I oversimplifying the problem? Nothing a little del *.* can't fix :)

He couldn't do it from DOS normally as the drive is NTFS and thus can't be read in DOS. He doesn't want to pay for the NTFS DOS program and he can't actually get to the machine, so booting to a repair console is probably impossible too although that probably wouldn't work either, it didn't work for my rogue folder.

pseudonym
29 Apr 2004, 09:11am
Well this won't work because of the system's location, so this is just my curiosity, or a stupid question possibly. Could this whole problem be solved by a boot disk and some DOS commands, or am I oversimplifying the problem? Nothing a little del *.* can't fix :)

Black Hawk
29 Apr 2004, 11:23am
> VoE: NTFSDOS is a program that I have to purchase. I can't justify spending the money (and neither can my client) for just one folder.

It's freeware.

Necropolis
29 Apr 2004, 11:46am
> It's freeware.

The free one is only read only. You have to pay for the pro version.

Straight_Man
29 Apr 2004, 01:06pm
VoE:

Freeware version is read-only for NTFS. Because of journalling.

http://www.sysinternals.com/ntw2k/freeware/ntfsdos.shtml

However, prime could try this:

1. From recovery console, delete the folder recursively starting with the folder as explicit path and with an rmdir /s /f or other parms that force that directory to be deleted with all subdirectories. Secondly, it is possible that something like deltree exists.

2. Then run the recovery console file system checker in full rebuild mode to get the journals in sync with the NTFS actual file system.

Or, get an Ultimate Boot Disk CD, boot from Linux, change parms to writable as admin, delete, then run recovery console for 2000 and have it fully rebuild file system including journals. The warning about NTFS is because journals will be out of sync with file system. So, you rebuild file system with journal rebuild, which is what happens when you force a bad sector search and recover. Missing actual trees get their directory and files entries from journals, then 2000 might want to make one pass through file system to recover at boot, but since files will not be there it will confirm the fix from recovery console in overall effect.

Overall, if prime could afford the Administrator's SysInternals Pack, or Disk Commander, this would be the best way and be usable for other clients (prime would be owner of license) computers also. Technically, prime's company offers admin services to clients. Box would need to come to prime to satisfy all legalities per letter of current laws, or prime or tk would need to go to client site.

IF, however, the folder could be isolated on its own partition, partition could then be wiped. Move things there on partition other than folder to another logical drive, wipe part with any of ten or fifteen programs, then run file system recovery and let it acknowledge lack of part, then resize parts. PowerQuest utils, Linux, BSD, Recovery Console run of fdisk should all be able to do this partition removal part.

Also look at TweakUI for 2000, see if there are part perm changers available in it, and if the 2000 CD has a util for moving files and then deleting isolated bad permed trees. Lets, under the circumstances, go at this SIDEWAYS. Isolate bad tree in its own partition (in this case bad permed tree) and then remove partition, then run file system recovery from console if needed, then resize a part or parts to get "wasted" space back.

prime can PM me or email me for more explicit discussion.

John D.

Necropolis
29 Apr 2004, 01:38pm
You could always try the 30 days trial of http://www.east-tec.com/eraser/

See if that will get rid of the folders for you.

Zanthian
29 Apr 2004, 01:54pm
The only thing i could find is this...
http://www.jtpfxp.net/dirbreak.htm maybe that will help.

primesuspect
29 Apr 2004, 03:37pm
I've got some things to try.. I'll report back in a few...

Gobbles
29 Apr 2004, 03:48pm
> The only thing i could find is this...
> http://www.jtpfxp.net/dirbreak.htm maybe that will help.

that site tells how to create the problem prime is having. It is written for the people who created these types of folders. You have to be the hoser who did this for that to work,.,.,.

Gobbles

Zanthian
29 Apr 2004, 04:22pm
> that site tells how to create the problem prime is having. It is written for the people who created these types of folders. You have to be the hoser who did this for that to work,.,.,.
>
> Gobbles

Oh, well i don't know much about this topic. Sorry if it is not helpful, I just did a search online and posted what I thought would help. :-/

gtghm
29 Apr 2004, 04:49pm
How about fdisk.... LOL :D

Dexter
29 Apr 2004, 10:02pm
Prime,

this app, Absolute File Shredder (http://download.com.com/3000-2092-10164976.html?tag=lst-0-8), is supposed to be able to delete protected files. Good user reviews on CNET, and it's FREE :)

Give it a try.

Dexter...

celcho
29 Apr 2004, 10:36pm
prime, how much is your time worth? it seems you've done what i often do, spend tons of time trying to fix a problem for free when you could just pay and be done with it.

i don't know how expensive the software is that could easily fix this, but there comes a point when buying the software would have been the better deal. now that you've spent a bunch of time working on it, though, i guess you might as well finish it for free.

primesuspect
29 Apr 2004, 11:24pm
Well I just got word from an associate that he did go out and buy the $35 software from JRTwine, and it worked as advertised. At this point, it might actually be worth it, now that I have a testimonial. I'm gonna try Dexter's suggestion and then probably just buckle down and buy the JRTwine dude's software. The only thing that bugs me is that if JRTwine could figure out a way to do it, I know it can be done... :grumble:

gtghm
30 Apr 2004, 03:12am
> How about fdisk.... LOL :D


Can I get my Free T-Shirt now??? :D

-tk
3 May 2004, 06:54am
dude, like I said. I swear to you I was able to do it, I just can't remember what I did. You have to do this crazy thing where you reset all the ACLs on all the folders, it's like xcacls or something. When I figure it out I'll post it here for everyone.

Aardvark
4 May 2004, 07:01am
I know this is a dumb idea, but maybe it's just so simple that it was overlooked?

I dunno anything about this stuff, but if the problem is in the filename-- why can't you just change the filename to something without illegal characters in it?

primesuspect
4 May 2004, 01:12pm
Tried that too. If you try that you get the ol' "Cannot find the specified file" error. :)

Straight_Man
4 May 2004, 02:57pm
> Tried that too. If you try that you get the ol' "Cannot find the specified file" error. :)

Prime, think about this:

Files can be force-renamed in Linux.

The journals can THEN, after that, be resynced to new file name structure with a journal complete rebuild, and that is what happens normally with Pro from a CD booted file system recovery run with /R invoked.

Use an O\S with the ability to parse the names to rename, then the native O\S to rebuild the indexes and directories.

OR, and I DID think you wanted these files erased and not recovered, you can move the files you want to keep with a rename implicit in the move with Linux. Then do the journal rebuild as in previous paragraph.

Problem is, you need a CD drive in box or the HD transplanted to a box natively able to parse the names to do this before you put it back and rebuild the files index structure.

Funny thing about Linux, very few characters ARE illegal in a file name, and, as with Unix and O\S X, multiple file extensions are legal and extensions can be almost anything.

In Linux, the file system handlers are forced to be read-only for Linux.

In this case, the files might be corrupt, but the journal good, or the journal corrupt, OR the files force re-permed and renamed from a CD boot of a non-native O\S by a disgruntled employee.

Is there any way the circumstances under which the files got this way can be discovered??? Without any names or idea of what specifically the files contained???? Knowing that, even if it is something that the client would not want known if attached to the name of client, might be useful in figuring out which of these three or some combo happened. Explicate process, not names or blame or control failure.

Linux does not use MIME at low file system handling level, it does not take an .exe and force .exe protection native to O\S as XP can do, and does not use a registry to force control. It uses 90% pure perms, plus default perming rule sets.

I can take a Linux mini-load, get full file system handling abilities, morph the file structure, and get things changed that you would not believe locally, from a system boot disk or a boot Install CD for Linux under some circumstances. BUT, this cannot be done remotely, as XP will not share invalids. So, you can spin your wheels a lot trying to run things remotely. The trick, one of them, is to get the LOCAL box run by a non-native O\S with the data image you want to work with, local to the non-native O\S run. If client will not let you get the HD physically present in your lab, then take a Linux box to him, copy the HD to a HD in the Linux box, let him or his rep watch your techs, and work on the image. Once image is good, stick the image into place on original HD. This is expensive to do under some circumstances, which is why data recovery can be thousands of dollars per HD mech without guarantee of full recovery.

But, in my case, I strategize things so data I work with is never on same HD as O\S core, so I cannot fubar an O\S and have unrecoverable data simultaneously.

Can you eval and tell us, or one of us (hint), what the odds are that the file and directories were compressed and\or encrypted??? THAT is the favorite thing for a badly treated employee (from employee's POV) with global access to a system to do just before vanishing or being fired.

Viruses can create this kind of thing also, if coded specifically to do this, so can bots, unfortunately. Most viruses that are local worms, both encrypt and corrupt files, and some also relocate the files.

If base structure can be restored, viruses can be scanned for and virused files at worst erased. At best, they can be reverse-engineered-- but lots of time is needed for that, and someone with multiple-O\S rules applied to one file tree to recover is also needed. Second, easiest way to work with a data tree without fubarring original is to make the drive a mounted drive running under a non-native O\S. Usually this kind of situation is done by remote access or local access, and it is easiest done with local access. Same general rule for recovery.

This is legal if client owns data, and this is the only way it is DMCA legal. Client has proprietary work data copyright implicitly. This is a true white-hat "hack by owner's agent" defensive forensic plus damage undo under these circumstances.

John D.

Ibanez
25 Jun 2004, 09:14pm
Well have you tried this website? http://www.panicware.com/product_downloads.html

It's the only other thing i can think of with 30day trial software.

primesuspect
26 Jun 2004, 12:47am
It doesn't matter anymore. The ultimate solution worked:

Reformat the entire drive. :(

Straight_Man
26 Jun 2004, 04:14am
I HATE that "fix." HATE IT!!! :( j\k about utter hate, but you know what I mean. :D

primesuspect
26 Jun 2004, 04:26am
I agree. Although I did have an associate actually have the same problem, and buy that JRTwine dude's software, and he said it did indeed work......

But, we needed to reinstall that box anyway. It was set up by some other company, and they set it up pretty badly, and it was time to make the box "ours" and set it up the right way anyway....

Too bad I had to fly to Washington DC to do it :(

Ibanez
26 Jun 2004, 12:30pm
Bah I hate formatting as well .... looks like I'm goin to have to do it tho .... Damn stupid pop up.

dax
8 Aug 2004, 07:05pm
Prime...can you ssh in? You might try booting your box with Bart's PE built with Total Commander included...I haven't tried it over a network, but it has allowed me to recover from some disastrous situations!
HTH,

dax