Cannot delete Malicious com & lpt folders

Guest

Windows 2000 Server SP4
I've tried DEL and RMDIR and still can't remove these folders.
D:\BBOLD\test1\test1\test1\com2 - The directory name is invalid.
D:\BBOLD\test2\test2\test2\lpt1 - The directory name is invalid.
D:\BBOLD\test3\test2\test2\com2 - The directory name is invalid.
D:\BBOLD\test3\test3\test3\com5 - The system cannot find the file specified.

Is there a way to remove these types of folders?

Scott
 
David H. Lipman

From: "Scott" <[email protected]>

| Windows 2000 Server SP4
| I've tried DEL and RMDIR and still can't remove these folders.
| D:\BBOLD\test1\test1\test1\com2 - The directory name is invalid.
| D:\BBOLD\test2\test2\test2\lpt1 - The directory name is invalid.
| D:\BBOLD\test3\test2\test2\com2 - The directory name is invalid.
| D:\BBOLD\test3\test3\test3\com5 - The system cannot find the file specified.
|
| Is there a way to remove these types of folders?
|
| Scott

Why do you say they are malicious? Offhand, they are reserved names.

However, this is VERY important because there is a class of malware using this technique to
stay rooted to the OS.

Open a command prompt

Use the following syntax...

del \\.\D:\BBOLD\test1\test1\test1\com2

del \\.\D:\BBOLD\test2\test2\test2\lpt1

del \\.\D:\BBOLD\test3\test2\test2\com2

del \\.\D:\BBOLD\test3\test3\test3\com5
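
A defender-side check for the reserved names discussed in this thread, as an added example that is not part of the original posts: it scans a directory listing for path components that Win32 maps to DOS devices and returns the `\\.\`-prefixed form used in the reply above. The listing is constructed from the paths in the thread plus made-up benign entries; the reserved set (CON, PRN, AUX, NUL, COM1-9, LPT1-9) and the function names are assumptions of this example.

```python
import re

# Classic DOS device names (assumed set for this example).
_DEVICE = re.compile(r"(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])", re.IGNORECASE)

def reserved_device(component):
    """Return the device name a path component collides with, or None."""
    # Win32 name parsing drops trailing dots/spaces and ignores an extension,
    # so "com2", "COM2." and "com2.txt" all collide with COM2.
    base = component.rstrip(" .").split(".", 1)[0].rstrip(" ")
    return base.upper() if _DEVICE.fullmatch(base) else None

def scan_listing(paths):
    """Return one finding per path that contains a reserved component."""
    findings = []
    for path in paths:
        for part in path.split("\\")[1:]:      # skip the drive ("D:")
            device = reserved_device(part)
            if device:
                findings.append({
                    "path": path,
                    "component": part,
                    "device": device,
                    # Device-namespace form of the path, as in the reply above.
                    "literal": "\\\\.\\" + path,
                })
                break                          # one finding per path
    return findings

# Constructed sample: the four paths from the thread plus made-up entries.
# "console" and "compass" are not reserved (the whole base name must match).
SAMPLE_LISTING = [
    r"D:\BBOLD\test1\test1\test1\com2",
    r"D:\BBOLD\test2\test2\test2\lpt1",
    r"D:\BBOLD\test3\test2\test2\com2",
    r"D:\BBOLD\test3\test3\test3\com5",
    r"D:\BBOLD\test1\console",
    r"D:\BBOLD\compass\notes.txt",
    r"D:\BBOLD\logs\nul.log",
]

if __name__ == "__main__":
    for f in scan_listing(SAMPLE_LISTING):
        print(f"{f['device']:5} {f['literal']}")
```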
 
Guest

I tried that, doesn't work. I say malicious because the server in question
was rooted. I have fixed everything but these folders.
When I run the first command it says "Could Not Find
\\.\D:\BBOLD\test\test\test\com2\*"
If I run "del \\.\D:\BBOLD\test1\test1\test1" it asks if I'm sure and I say
yes and it runs the command but all the files still remain.
Any other suggestions?
 
David H. Lipman

From: "Scott" <[email protected]>

| I tried that, doesn't work. I say malicious because the server in question
| was rooted. I have fixed everything but these folders.
| When I run the first command it says "Could Not Find
| \\.\D:\BBOLD\test\test\test\com2\*"
| If I run "del \\.\D:\BBOLD\test1\test1\test1" it asks if I'm sure and I say
| yes and it runs the command but all the files still remain.
| Any other suggestions?
|


Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order

http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.subratam.org/index.php?showforum=7
 
Frank Booth Snr

Scott said:
Windows 2000 Server SP4
I've tried DEL and RMDIR and still can't remove these folders.
D:\BBOLD\test1\test1\test1\com2 - The directory name is invalid.
D:\BBOLD\test2\test2\test2\lpt1 - The directory name is invalid.
D:\BBOLD\test3\test2\test2\com2 - The directory name is invalid.
D:\BBOLD\test3\test3\test3\com5 - The system cannot find the file specified.

Is there a way to remove these types of folders?

From where were you trying to remove the folders?
 
