Can't delete folders

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Something (somebody) is generating a new folder named
multiple digits/letters on my hard drive (Server 2000)
every day.
I can't delete it, because "directory not empty, files
used by a process".
I have tried to do it in Safe Mode & DOS with no success.
How can I find out what process to kill, when the
directories are hidden by name "."?

Please help.
 
Guest

First off, you have either been hacked or infected and need to take measures to remedy
that, which may ultimately be to back up your data, including your profile folders
under Documents and Settings, and reinstall your operating system. A full virus
scan with up-to-date definitions is needed, and there are online sites such as the one
below that can help you. I would also run a parasite removal program such as AdAware
with the latest definitions, which could find things missed by a virus scan program.

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www.lavasoftusa.com/software/adaware/

After you remedy that situation, be sure that your virus scan program scans all your
emails, that you use a firewall, keep current with critical updates at Windows Update,
which can be done automatically, and never use less than the default medium security
level for the Internet Explorer Internet web content zone. Also see that last link for
tips on removing files that you cannot delete, which may involve the use of some free
third-party tools to find and kill the process using the file. --- Steve

http://www.microsoft.com/security/protect/
http://mvps.org/winhelp2002/unwanted.htm#
http://support.microsoft.com/?kbid=320081

"serg" <serg@discussions.microsoft.com> wrote in message
news:2131601c45a37$d4af35d0$a501280a@phx.gbl...
> Something (somebody) is generating a new folder named
> multiple digits/letters on my hard drive (Server 2000)
> every day.
> I can't delete it, because "directory not empty, files
> used by a process".
> I have tried to do it in Safe Mode & DOS with no success.
> How can I find out what process to kill, when the
> directories are hidden by name "."?
>
> Please help.
>
 
Guest

Thank you for your detailed reply. Unfortunately, I have
been using the latest definitions of NAV, and a few spyware
programs, anti-Trojan software, and nothing was detected.
There is no visible suspected process in Task Manager, I
can tell.
 
Guest

That is interesting as apparently something is causing that behaviour. Maybe
you are unlucky enough to have one of the root kit system compromises that
will not be detected by normal means, and I am not sure what the best way is
to detect one but if it was my computer I would reformat and reinstall as I
suggested before if nothing obvious turned up that was easily fixed. Below
is a link to an article on root kit attacks. Also search http://Google.com
web AND news for "windows root kits" if interested.

http://www.securityfocus.com/news/2879

If you want to try more detailed analysis of what is going on in your
operating system, I would suggest some free tools from SysInternals that can
do far beyond what Task Manager will do, but it may be difficult to pinpoint
a rogue process unless you can compare to a known clean [hopefully pristine]
like-configured system. You may, however, track a process back to a folder or
an executable. In particular TCPview, Process Explorer, PsList, and
Autoruns may be helpful. --- Steve

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

<anonymous@discussions.microsoft.com> wrote in message
news:2137201c45a74$346d21d0$a101280a@phx.gbl...
> Thank you for your detailed reply. Unfortunately, I have
> been using the latest definitions of NAV, and a few spyware
> programs, anti-Trojan software, and nothing was detected.
> There is no visible suspected process in Task Manager, I
> can tell.
 
Guest

I have noticed that, on each server restart, File Sharing
is activated on all hard drives. There is no sharing icon in
Windows Explorer, but when I go to HD Properties the
sharing is enabled.
It is very hard for me to reinstall the OS, because this is an
active Web Server.


 
Guest

Those are probably the default administrative shares you are seeing, such as C$, etc.
Those are hidden and only available to administrators. If you have no reason to share
folders on your server, you can [and should] disable or uninstall file and print
sharing. Note that if you do disable it, you cannot use Computer Management or other
utilities that rely on it, though you can use Terminal Services in remote
administrative mode if need be. On a web server it is also a great idea to run the
IIS Lockdown tool for your version of IIS, though I would not recommend doing so
without a full backup first, including the System State and IIS configuration via the
IIS Management Console. Hopefully you are using a firewall to restrict both inbound
AND outbound traffic to authorized traffic. In a pinch you can use the built-in IPsec
to create a filtering policy to manage outbound traffic if need be, to allow outbound
only from ports 80 and 443 tcp, etc. on your web server. The nice thing about IPsec
policies is that they take effect almost immediately after you assign or unassign them -
no software to install or reboot required. --- Steve

http://www.microsoft.com/technet/security/tools/locktool.mspx
http://www.winnetmag.com/Article/ArticleID/24273/24273.html
http://www.securityfocus.com/infocus/1559

"Serg" <serg@discussions.microsoft.com> wrote in message
news:21c9901c45ae2$f7d3d420$a001280a@phx.gbl...
> I have noticed that, on each server restart, File Sharing
> is activated on all hard drives. There is no sharing icon in
> Windows Explorer, but when I go to HD Properties the
> sharing is enabled.
> It is very hard for me to reinstall the OS, because this is an
> active Web Server.
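The reply above attributes the sharing seen on every drive to the default administrative shares. One way to check that is to classify the output of `net share`: the sketch below is an added example, not part of the original thread. The sample output is constructed, and the function names, the verdict labels and the `C:\WINNT` system root are assumptions.

```python
import re

def _row(name, resource="", remark=""):
    # Assumed column widths (13 and 32); the parser reads real offsets from the header.
    return f"{name:<13}{resource:<32}{remark}"

# Constructed sample of `net share` output; none of it comes from the thread.
SAMPLE = "\n".join([
    _row("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    _row("C$", "C:\\", "Default share"),
    _row("D$", "D:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("ADMIN$", "C:\\WINNT", "Remote Admin"),
    _row("E$", "E:\\data\\tmp"),
    _row("upload", "D:\\Inetpub\\uploads"),
    "The command completed successfully.",
])

def parse_net_share(text):
    """Return (name, resource, remark) tuples from `net share` output."""
    lines = text.splitlines()
    hdr = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    res_col, rem_col = lines[hdr].index("Resource"), lines[hdr].index("Remark")
    shares = []
    for line in lines[hdr + 1:]:
        if line.startswith("The command"):
            break
        if not line.strip() or set(line.strip()) == {"-"}:
            continue  # blank line or the dashed separator
        shares.append((line[:res_col].strip(),
                       line[res_col:rem_col].strip(),
                       line[rem_col:].strip()))
    return shares

def classify(name, resource, system_root="C:\\WINNT"):
    """Label a share: 'default', 'mismatch' or 'non-default'."""
    n, r = name.upper(), resource.upper()
    if n == "IPC$":
        return "default" if r == "" else "mismatch"
    if n == "ADMIN$":
        return "default" if r == system_root.upper() else "mismatch"
    m = re.fullmatch(r"([A-Z])\$", n)
    if m:  # drive share: must map to the root of the same drive letter
        return "default" if r == m.group(1) + ":\\" else "mismatch"
    return "non-default"  # created by someone; needs a reason to exist

def audit(text, system_root="C:\\WINNT"):
    return {n: classify(n, res, system_root) for n, res, _ in parse_net_share(text)}

if __name__ == "__main__":
    for share, verdict in audit(SAMPLE).items():
        print(f"{share:<10}{verdict}")
```

A `mismatch` verdict means a share carries an administrative-style name but does not point where the default one would; `non-default` shares on a server with no reason to share folders are the ones to trace back to whoever or whatever created them.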
 
Apr 2, 2013
Hi, it's me, Raazeev Maan.
Methods:
1. If it doesn't give permission to delete, then go to that folder, open it, copy all of its contents and copy them to a new folder.
If the 1st method doesn't work, then I will give you another method.
Try it out.
Thank you.