RE: pubdestroyer2001.exe via anonymous FTP?

From: Benninghoff, John (JABenninghoffat_private)
Date: Thu Sep 27 2001 - 13:38:34 PDT

    You can remove files like this using the POSIX subsystem.
    
    http://support.microsoft.com/support/kb/articles/Q120/7/16.asp
    
    -----Original Message-----
    From: Slivkoff, Michael M [mailto:michael.slivkoffat_private]
    Sent: Thursday, September 27, 2001 1:49 PM
    To: 'incidentsat_private'
    Subject: RE: pubdestroyer2001.exe via anonymous FTP?
    
    
    I had a problem like this.  I had an upload directory on anonymous ftp
    that was set write only.  Some wonderful person tagged it with a
    directory called com1.  Couldn't get rid of it for the life of me
    (win2k system).  I still have a write only anonymous upload directory,
    but I disabled directory create.  Anyone know how to get rid of a
    directory named with a system-reserved name? Other than deleting the
    drive.  And how would you create it in the first place?
    
    -----Original Message-----
    From: Patrick Andry [mailto:pandryat_private]
    Sent: Thursday, September 27, 2001 12:47 PM
    To: Mike Shaw
    Cc: incidentsat_private
    Subject: Re: pubdestroyer2001.exe via anonymous FTP?
    
    
    Mike Shaw wrote:
    
    > I'm working with someone who had unwittingly left an anonymous ftp 
    > server available to the 'net with write access.
    >
    > The good news: nice mp3 and Divx collection.
    > The bad news: In the root there was a file named pubdestroyer2001.exe 
    > that we had some trouble deleting.  There were many spaces at
    > the end of the file name.  We were able to nix it by deleting the 8.3 
    > file name.
    >
    > Has anyone seen this before?  Anyone interested in a copy of the file?
    >
    > Thanks
    > -Mike
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management and 
    > tracking system please see: http://aris.securityfocus.com
    
    Undeletable files are a norm among warez sites.  Hidden and/or 
    undeletable directories are also a trademark.  There was a discussion 
    here about it a few months back.  Essentially, it's a last-ditch effort 
    to prevent the sysadmin from cutting off the warez ftp.  Usually keeps 
    the site going for a few minutes extra :)
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 14:06:58 PDT
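
Added example, not part of the original thread: a Python check that flags entries in an upload directory whose names defeat normal Win32 deletion, covering the two cases described above (a reserved device name such as com1, and a file name with trailing spaces). The function names, the `D:\ftproot\upload` path and the sample listing are constructed for illustration; the `\\?\` prefix is the Win32 path form that skips name normalization.

```python
import ntpath

# Device names the Win32 layer reserves in every directory.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}


def classify(name):
    """Return the reasons a directory entry name defeats normal Win32 deletion."""
    reasons = []
    # Win32 strips trailing spaces and dots during path normalization, so the
    # name it looks up no longer matches the entry stored on disk.
    if name != name.rstrip(" ."):
        reasons.append("trailing space or dot")
    # The reserved-name check ignores case and anything after the first dot.
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in RESERVED:
        reasons.append("reserved device name")
    return reasons


def extended_path(directory, name):
    r"""Build a \\?\ path, which Win32 passes to the filesystem without normalization."""
    return "\\\\?\\" + ntpath.join(directory, name)


def audit(directory, names):
    """Map each problem entry to (reasons, path to hand to del or rd)."""
    return {n: (classify(n), extended_path(directory, n)) for n in names if classify(n)}


# Constructed listing modelled on the two cases in the thread.
SAMPLE = ["com1", "pubdestroyer2001.exe      ", "readme.txt", "Lpt3.log", "incoming"]

if __name__ == "__main__":
    # Constructed upload directory path (assumption, not from the thread).
    for entry, (why, path) in audit(r"D:\ftproot\upload", SAMPLE).items():
        print(f"{entry!r}: {', '.join(why)} -> {path!r}")
```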