Can't delete folders

Archived from groups: microsoft.public.win2000.security (More info?)

Something (somebody) is generating a new folder named
multimple digits/letters on my hard drive (Server 2000)
every day.
I can't delete it, because "directory not empty, files
used by a proccess".
I have tried to do it in Safe Mode & DOS with no success.
How can I find out what proccess to kill, when the
directories are hidden by name "."?

Please help.
7 answers Last reply
More about delete folders
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    First off you have either been hacked or infected and need to take measures to remedy
    that which may ultimately be to back up your data including your profile folders
    under documents and settings and reinstalling your operating system. A full virus
    scan with up to date definitions is needed and there are online sites such as the one
    below that can help you. I would also run a parasite removal program such as AdAware
    with the latest definitions which could find things missed by a virus scan program.

    http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
    http://www.lavasoftusa.com/software/adaware/

    After you remedy that situation be sure that your virus scan program scans all your
    emails, that you use a firewall, keep current with critical updates at Windows Update
    which can be done automatically, and never use less than the default medium security
    level for Internet Explorer internet web content zone. Also see that last link for
    tips on removing files that you can not delete that may involve the use of some free
    third party tools to find and kill the process using the file. --- Steve

    http://www.microsoft.com/security/protect/
    http://mvps.org/winhelp2002/unwanted.htm#
    http://support.microsoft.com/?kbid=320081

    "serg" <serg@discussions.microsoft.com> wrote in message
    news:2131601c45a37$d4af35d0$a501280a@phx.gbl...
    > Something (somebody) is generating a new folder named
    > multimple digits/letters on my hard drive (Server 2000)
    > every day.
    > I can't delete it, because "directory not empty, files
    > used by a proccess".
    > I have tried to do it in Safe Mode & DOS with no success.
    > How can I find out what proccess to kill, when the
    > directories are hidden by name "."?
    >
    > Please help.
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    >-----Original Message-----
    >First off you have either been hacked or infected and
    need to take measures to remedy
    >that which may ultimately be to back up your data
    including your profile folders
    >under documents and settings and reinstalling your
    operating system. A full virus
    >scan with up to date definitions is needed and there are
    online sites such as the one
    >below that can help you. I would also run a parasite
    removal program such as AdAware
    >with the latest definitions which could find things
    missed by a virus scan program.
    >

    Thank you for your detailed reply. Unfortunately, I have
    been using latest definition of NAV, and few spyware
    programs, anty Trojan software, and nothing was detected.
    There is no visible suspected process in Task Manager, I
    can tell.
    >http://security.symantec.com/sscv6/default.asp?
    langid=ie&venid=sym
    >http://www.lavasoftusa.com/software/adaware/
    >
    >After you remedy that situation be sure that your virus
    scan program scans all your
    >emails, that you use a firewall, keep current with
    critical updates at Windows Update
    >which can be done automatically, and never use less than
    the default medium security
    >level for Internet Explorer internet web content zone.
    Also see that last link for
    >tips on removing files that you can not delete that may
    involve the use of some free
    >third party tools to find and kill the process using the
    file. --- Steve
    >
    >http://www.microsoft.com/security/protect/
    >http://mvps.org/winhelp2002/unwanted.htm#
    >http://support.microsoft.com/?kbid=320081
    >
    >"serg" <serg@discussions.microsoft.com> wrote in message
    >news:2131601c45a37$d4af35d0$a501280a@phx.gbl...
    >> Something (somebody) is generating a new folder named
    >> multimple digits/letters on my hard drive (Server 2000)
    >> every day.
    >> I can't delete it, because "directory not empty, files
    >> used by a proccess".
    >> I have tried to do it in Safe Mode & DOS with no
    success.
    >> How can I find out what proccess to kill, when the
    >> directories are hidden by name "."?
    >>
    >> Please help.
    >>
    >
    >
    >.
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    That is interesting as apparently something is causing that behaviour. Maybe
    you are unlucky enough to have one of the root kit system compromises that
    will not be detected by normal means, and I am not sure what the best way is
    to detect one but if it was my computer I would reformat and reinstall as I
    suggested before if nothing obvious turned up that was easily fixed. Below
    is a link to an article on root kit attacks. Also search http://Google.com
    web AND news for "windows root kits" if interested.

    http://www.securityfocus.com/news/2879

    If you want to try more detailed analysis of what is going on in your
    operating system I would suggest some free tools from SysInternals that can
    do far beyond what Task Manager will do but it may be difficult to pinpoint
    a rouge process unless you can compare to a known clean [hopefully prisitne]
    like configured system. You may however track a process back to an folder or
    an executeable. In particular TCPview, Process Explorer, PsList, and
    Autoruns may be helpful. --- Steve

    http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

    <anonymous@discussions.microsoft.com> wrote in message
    news:2137201c45a74$346d21d0$a101280a@phx.gbl...
    >
    > >-----Original Message-----
    > >First off you have either been hacked or infected and
    > need to take measures to remedy
    > >that which may ultimately be to back up your data
    > including your profile folders
    > >under documents and settings and reinstalling your
    > operating system. A full virus
    > >scan with up to date definitions is needed and there are
    > online sites such as the one
    > >below that can help you. I would also run a parasite
    > removal program such as AdAware
    > >with the latest definitions which could find things
    > missed by a virus scan program.
    > >
    >
    > Thank you for your detailed reply. Unfortunately, I have
    > been using latest definition of NAV, and few spyware
    > programs, anty Trojan software, and nothing was detected.
    > There is no visible suspected process in Task Manager, I
    > can tell.
    > >http://security.symantec.com/sscv6/default.asp?
    > langid=ie&venid=sym
    > >http://www.lavasoftusa.com/software/adaware/
    > >
    > >After you remedy that situation be sure that your virus
    > scan program scans all your
    > >emails, that you use a firewall, keep current with
    > critical updates at Windows Update
    > >which can be done automatically, and never use less than
    > the default medium security
    > >level for Internet Explorer internet web content zone.
    > Also see that last link for
    > >tips on removing files that you can not delete that may
    > involve the use of some free
    > >third party tools to find and kill the process using the
    > file. --- Steve
    > >
    > >http://www.microsoft.com/security/protect/
    > >http://mvps.org/winhelp2002/unwanted.htm#
    > >http://support.microsoft.com/?kbid=320081
    > >
    > >"serg" <serg@discussions.microsoft.com> wrote in message
    > >news:2131601c45a37$d4af35d0$a501280a@phx.gbl...
    > >> Something (somebody) is generating a new folder named
    > >> multimple digits/letters on my hard drive (Server 2000)
    > >> every day.
    > >> I can't delete it, because "directory not empty, files
    > >> used by a proccess".
    > >> I have tried to do it in Safe Mode & DOS with no
    > success.
    > >> How can I find out what proccess to kill, when the
    > >> directories are hidden by name "."?
    > >>
    > >> Please help.
    > >>
    > >
    > >
    > >.
    > >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    I have noticed, on each server restart, on all hard drives
    is activated File Sharing. There is no sharing icon in
    Windows Explorer, but when I go to HD Properties the
    sharing is enabled.
    It is very hard for me to reinstall OS, because this is an
    active Web Server.


    >-----Original Message-----
    >That is interesting as apparently something is causing
    that behaviour. Maybe
    >you are unlucky enough to have one of the root kit system
    compromises that
    >will not be detected by normal means, and I am not sure
    what the best way is
    >to detect one but if it was my computer I would reformat
    and reinstall as I
    >suggested before if nothing obvious turned up that was
    easily fixed. Below
    >is a link to an article on root kit attacks. Also search
    http://Google.com
    >web AND news for "windows root kits" if interested.
    >
    >http://www.securityfocus.com/news/2879
    >
    >If you want to try more detailed analysis of what is
    going on in your
    >operating system I would suggest some free tools from
    SysInternals that can
    >do far beyond what Task Manager will do but it may be
    difficult to pinpoint
    >a rouge process unless you can compare to a known clean
    [hopefully prisitne]
    >like configured system. You may however track a process
    back to an folder or
    >an executeable. In particular TCPview, Process Explorer,
    PsList, and
    >Autoruns may be helpful. --- Steve
    >
    >http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
    >
    ><anonymous@discussions.microsoft.com> wrote in message
    >news:2137201c45a74$346d21d0$a101280a@phx.gbl...
    >>
    >> >-----Original Message-----
    >> >First off you have either been hacked or infected and
    >> need to take measures to remedy
    >> >that which may ultimately be to back up your data
    >> including your profile folders
    >> >under documents and settings and reinstalling your
    >> operating system. A full virus
    >> >scan with up to date definitions is needed and there
    are
    >> online sites such as the one
    >> >below that can help you. I would also run a parasite
    >> removal program such as AdAware
    >> >with the latest definitions which could find things
    >> missed by a virus scan program.
    >> >
    >>
    >> Thank you for your detailed reply. Unfortunately, I have
    >> been using latest definition of NAV, and few spyware
    >> programs, anty Trojan software, and nothing was
    detected.
    >> There is no visible suspected process in Task Manager, I
    >> can tell.
    >> >http://security.symantec.com/sscv6/default.asp?
    >> langid=ie&venid=sym
    >> >http://www.lavasoftusa.com/software/adaware/
    >> >
    >> >After you remedy that situation be sure that your virus
    >> scan program scans all your
    >> >emails, that you use a firewall, keep current with
    >> critical updates at Windows Update
    >> >which can be done automatically, and never use less
    than
    >> the default medium security
    >> >level for Internet Explorer internet web content zone.
    >> Also see that last link for
    >> >tips on removing files that you can not delete that may
    >> involve the use of some free
    >> >third party tools to find and kill the process using
    the
    >> file. --- Steve
    >> >
    >> >http://www.microsoft.com/security/protect/
    >> >http://mvps.org/winhelp2002/unwanted.htm#
    >> >http://support.microsoft.com/?kbid=320081
    >> >
    >> >"serg" <serg@discussions.microsoft.com> wrote in
    message
    >> >news:2131601c45a37$d4af35d0$a501280a@phx.gbl...
    >> >> Something (somebody) is generating a new folder named
    >> >> multimple digits/letters on my hard drive (Server
    2000)
    >> >> every day.
    >> >> I can't delete it, because "directory not empty,
    files
    >> >> used by a proccess".
    >> >> I have tried to do it in Safe Mode & DOS with no
    >> success.
    >> >> How can I find out what proccess to kill, when the
    >> >> directories are hidden by name "."?
    >> >>
    >> >> Please help.
    >> >>
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    That probably is the default administrative shares you are seeing such as C$, etc.
    Those are hidden and only available to administrators. If you have no reason to share
    folders on our server you can [and should] disable or uninstall file and print
    sharing. Note if you do disable it that you can not use Computer Management or other
    utilities that rely on it, though you can use Terminal Services in remote
    administrative mode if need be. On a web server it is also a great idea to run the
    IIS Lockdown tool for your version of IIS, though I would not recommend doing such
    without a full backup first including the System State and IIS configuration via the
    IIS Management Console. Hopefully you are using a firewall to restrict both inbound
    AND outbound traffic to authorized traffic. In a pinch you can use the built in ipsec
    to create a filtering policy to manage outbound traffic if need be to allow outbound
    only from ports 80 and 443 tcp, etc on your web server. The nice thing about ipsec
    policy is that they take effect almost immediately after you assign or unassign it -
    no software to install or a reboot required. --- Steve

    http://www.microsoft.com/technet/security/tools/locktool.mspx
    http://www.winnetmag.com/Article/ArticleID/24273/24273.html
    http://www.securityfocus.com/infocus/1559

    "Serg" <serg@discussions.microsoft.com> wrote in message
    news:21c9901c45ae2$f7d3d420$a001280a@phx.gbl...
    > I have noticed, on each server restart, on all hard drives
    > is activated File Sharing. There is no sharing icon in
    > Windows Explorer, but when I go to HD Properties the
    > sharing is enabled.
    > It is very hard for me to reinstall OS, because this is an
    > active Web Server.
    >
    >
    > >-----Original Message-----
    > >That is interesting as apparently something is causing
    > that behaviour. Maybe
    > >you are unlucky enough to have one of the root kit system
    > compromises that
    > >will not be detected by normal means, and I am not sure
    > what the best way is
    > >to detect one but if it was my computer I would reformat
    > and reinstall as I
    > >suggested before if nothing obvious turned up that was
    > easily fixed. Below
    > >is a link to an article on root kit attacks. Also search
    > http://Google.com
    > >web AND news for "windows root kits" if interested.
    > >
    > >http://www.securityfocus.com/news/2879
    > >
    > >If you want to try more detailed analysis of what is
    > going on in your
    > >operating system I would suggest some free tools from
    > SysInternals that can
    > >do far beyond what Task Manager will do but it may be
    > difficult to pinpoint
    > >a rouge process unless you can compare to a known clean
    > [hopefully prisitne]
    > >like configured system. You may however track a process
    > back to an folder or
    > >an executeable. In particular TCPview, Process Explorer,
    > PsList, and
    > >Autoruns may be helpful. --- Steve
    > >
    > >http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
    > >
    > ><anonymous@discussions.microsoft.com> wrote in message
    > >news:2137201c45a74$346d21d0$a101280a@phx.gbl...
    > >>
    > >> >-----Original Message-----
    > >> >First off you have either been hacked or infected and
    > >> need to take measures to remedy
    > >> >that which may ultimately be to back up your data
    > >> including your profile folders
    > >> >under documents and settings and reinstalling your
    > >> operating system. A full virus
    > >> >scan with up to date definitions is needed and there
    > are
    > >> online sites such as the one
    > >> >below that can help you. I would also run a parasite
    > >> removal program such as AdAware
    > >> >with the latest definitions which could find things
    > >> missed by a virus scan program.
    > >> >
    > >>
    > >> Thank you for your detailed reply. Unfortunately, I have
    > >> been using latest definition of NAV, and few spyware
    > >> programs, anty Trojan software, and nothing was
    > detected.
    > >> There is no visible suspected process in Task Manager, I
    > >> can tell.
    > >> >http://security.symantec.com/sscv6/default.asp?
    > >> langid=ie&venid=sym
    > >> >http://www.lavasoftusa.com/software/adaware/
    > >> >
    > >> >After you remedy that situation be sure that your virus
    > >> scan program scans all your
    > >> >emails, that you use a firewall, keep current with
    > >> critical updates at Windows Update
    > >> >which can be done automatically, and never use less
    > than
    > >> the default medium security
    > >> >level for Internet Explorer internet web content zone.
    > >> Also see that last link for
    > >> >tips on removing files that you can not delete that may
    > >> involve the use of some free
    > >> >third party tools to find and kill the process using
    > the
    > >> file. --- Steve
    > >> >
    > >> >http://www.microsoft.com/security/protect/
    > >> >http://mvps.org/winhelp2002/unwanted.htm#
    > >> >http://support.microsoft.com/?kbid=320081
    > >> >
    > >> >"serg" <serg@discussions.microsoft.com> wrote in
    > message
    > >> >news:2131601c45a37$d4af35d0$a501280a@phx.gbl...
    > >> >> Something (somebody) is generating a new folder named
    > >> >> multimple digits/letters on my hard drive (Server
    > 2000)
    > >> >> every day.
    > >> >> I can't delete it, because "directory not empty,
    > files
    > >> >> used by a proccess".
    > >> >> I have tried to do it in Safe Mode & DOS with no
    > >> success.
    > >> >> How can I find out what proccess to kill, when the
    > >> >> directories are hidden by name "."?
    > >> >>
    > >> >> Please help.
    > >> >>
    > >> >
    > >> >
    > >> >.
    > >> >
    > >
    > >
    > >.
    > >
  6. Anonymous said:
    Archived from groups: microsoft.public.win2000.security (More info?)

    Something (somebody) is generating a new folder named
    multimple digits/letters on my hard drive (Server 2000)
    every day.
    I can't delete it, because "directory not empty, files
    used by a proccess".
    I have tried to do it in Safe Mode & DOS with no success.
    How can I find out what proccess to kill, when the
    directories are hidden by name "."?

    Please help.
  7. hye .its me Raazeev Maan
    methods
    1 if it doesnt gives permissin to delete then gato that folder and open it and copy all of its contents and copy it to new folder.
    if 1st method doesn't works then i will give u another method..
    try it out
    thank you
Ask a new question

Read More

Windows