Author |
Message |
D11
Elite Baiter
Joined: 02 Jul 2006
Posts: 1702
|
Posted:
Sat Jan 05, 2008 8:59 pm |
|
Here's one for the techies.
A friend running Windows XP suspected a virus, so I said OK, send me the drive and I'll sort it out for you.
Drive arrives, sure enough 2 stubborn files "access denied", so I think to myself - well, a root user in Linux, a few seconds and them 2 files are historically dead - not so - in root I got an "access denied".
Anyone know how to delete a file that even Linux cannot?
The file isn't corrupt, it sends the virus scanner crazy - it's certainly new, and in Windows we can't even see the folder; in Linux I can at least get near it. |
_________________
I make software that drives lads crazy. Thats my revenge on lads. (it all helps)
this transaction is 100 percent risk/hitch free - bobo
why no pay me - abum bello
because the cops will know it was you - me
ok this is good - abum bello |
|
|
|
kleindoofy
*** BANNED ***
Joined: 24 Oct 2004
Posts: 6248
Location: Europe
|
Posted:
Sat Jan 05, 2008 9:05 pm |
|
|
|
|
D11
Elite Baiter
Joined: 02 Jul 2006
Posts: 1702
|
Posted:
Sat Jan 05, 2008 9:08 pm |
|
Can't format it, the data is unique and too valuable. |
|
|
|
Akai Ryu
Chuck Norris
Joined: 11 Jun 2007
Posts: 1369
|
Posted:
Sat Jan 05, 2008 9:09 pm |
|
But if the data is unique and valuable then it is backed up, yes? |
_________________ Several hundred fake escrows (and others) deaded--no longer counting.
aa419.org --dead a fake site today.
No, Akai, you're a wonderful bitch. --Reaper |
|
|
|
wayne
Account closed at users request
Joined: 05 Dec 2005
Posts: 3630
|
Posted:
Sat Jan 05, 2008 9:13 pm |
|
|
|
|
kleindoofy
*** BANNED ***
Joined: 24 Oct 2004
Posts: 6248
Location: Europe
|
Posted:
Sat Jan 05, 2008 9:19 pm |
|
@D1
I was joking.
However, data should never be unique. |
|
|
|
|
manbiteslion
Baiting Guru
Joined: 12 Dec 2007
Posts: 4816
Location: Connecting my chair and keyboard
|
Posted:
Sat Jan 05, 2008 9:33 pm |
|
I guess you tried 'safe mode' booting?
Try booting from a win98 cd or a dos disk - just enough os for IO but not enough for file protection.
Or Format C:\ (actually after any infection I suggest format c:\ every time - it's like a cheating spouse, sure maybe you'll go on together but the trust is completely blown...) |
|
|
|
|
D11
Elite Baiter
Joined: 02 Jul 2006
Posts: 1702
|
Posted:
Sat Jan 05, 2008 10:03 pm |
|
@kd I know lol, I'm just stressed.
Sadly I'm working on his backup - both are infected.
I thought to do it via Linux, hoping it won't make the infection worse, and so mounted the drive as an external
media:/sda1
Quote: |
root@******* whoami
root
rm update.exe.mui
access denied. |
So then I think to myself - must be corrupted or something's broken the file itself, so I check - nope, the file's intact.
Scratching me head. Next I've tried manually via root to change all perms on the file to everyone, every action, 777 - wide open. I've managed to rename it to update5939.exe.mui but that's about it - it still refuses to move, especially to the trash can. It can't possibly run under Linux, yet it's managing to hold on tight.
Edit: I'm now moving the files to a larger drive in Linux and going to redo the drive, give it a new partition and clear out the MBR and set it all go again - should fix it (I hope) |
|
|
|
kleindoofy
*** BANNED ***
Joined: 24 Oct 2004
Posts: 6248
Location: Europe
|
Posted:
Sat Jan 05, 2008 10:07 pm |
|
I've seen files that couldn't be deleted because they used characters in the file name that weren't recognized by the OS during processing of the dir elements.
e.g. / | etc.
In the old DOS days we used to protect directories from some users by typing an ASCII 255 at the end of the directory name. |
|
|
|
|
D11
Elite Baiter
Joined: 02 Jul 2006
Posts: 1702
|
Posted:
Sat Jan 05, 2008 10:32 pm |
|
Yeah, I've seen those, or when people name stuff like lpt1 lol.
I've double-checked the attributes - it's not showing as locked in Linux, and the file can be opened etc. I've given up - I'm going to copy what's good and not showing via fprot as infected - the first 2 do - and then re-partition it and format what's left. |
|
|
|
Old No. 7
Master of Master Baiters
Joined: 31 Jul 2007
Posts: 777
Location: Somewhere Else
|
Posted:
Sat Jan 05, 2008 11:21 pm |
|
I had a similar problem with a file once and was given this modality:
I managed to get the file on its own in a folder I didn't need. Then used
rd<space>/S<space>"\\?\C:\directory\folder"
where C:\directory\folder is the root folder that needs deleting
Worked like a charm in XP Pro - folder went and took file with it. Apparently it forces a delete. I can't remember whether I ran it in "run" or from a command prompt - I guess you could try run first.
The other thing you could try, if you have one, is to use a secure shredder on the file. There's plenty to download free (there's one as part of Spybot, for example, although I use simplefileshredder) |
_________________ 200+ sites killed, from these countries =>
Like my flags? Want some of your own? Let justjay teach you how to kill sites here (clicky).
Hobbes may have retired, but get his brilliant WriteJunk here (clicky) and never touch a .dll again
Proud to be a mouth-breather who posted a load of shit, disappeared into the night but mysteriously reappeared after a long absence |
|
|
|
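The name-based causes raised in the posts above (characters the OS cannot process, device names such as lpt1, and the `\\?\` prefix, which makes Windows skip its usual path normalisation) can be checked from the Linux side. This is an added example, not code from any poster; the function names and sample names are made up for illustration, and the rules are the standard Win32 naming restrictions.

```shell
#!/bin/sh
# Added example; the sample names in the loop at the end are constructed.

# win32_name_problem NAME -> prints the first rule the name breaks, or "ok".
win32_name_problem() {
    name=$1
    # Device names are reserved with or without an extension (lpt1, LPT1.txt).
    base=$(printf '%s' "${name%%.*}" | tr '[:lower:]' '[:upper:]')
    case $base in
        CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9]) echo reserved-device; return ;;
    esac
    # Control characters: Win32 rejects bytes 1-31; DEL (127) is flagged too.
    if [ "$(printf '%s' "$name" | LC_ALL=C tr -d '[:cntrl:]')" != "$name" ]; then
        echo control-char; return
    fi
    # Characters the Win32 API rejects inside a path component.
    if printf '%s\n' "$name" | LC_ALL=C grep -q '[<>:"|?*\\]'; then
        echo illegal-char; return
    fi
    # Win32 path normalisation strips a trailing dot or space, so Explorer
    # and del end up asking for a different name than the one on disk.
    case $name in
        *.|*' ') echo trailing-dot-or-space; return ;;
    esac
    echo ok
}

# scan_tree DIR: list every entry under DIR whose name breaks a rule.
# (Names containing newlines are split by the line-based read; accepted here.)
scan_tree() {
    find "$1" -mindepth 1 | while IFS= read -r p; do
        r=$(win32_name_problem "${p##*/}")
        [ "$r" = ok ] || printf '%s\t%s\n' "$r" "$p"
    done
}

for n in update.exe.mui lpt1 LPT1.txt 'a|b.txt' 'folder ' 'report.'; do
    printf '%-22s %s\n' "[$n]" "$(win32_name_problem "$n")"
done
```

Running `scan_tree` on the mount point of the suspect volume lists the entries Windows tools will fail on for naming reasons alone.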
rootuser
Elite Baiter
Joined: 10 Dec 2007
Posts: 1632
Location: Right behind you
|
Posted:
Sun Jan 06, 2008 4:35 am |
|
Is the drive formatted with NTFS? Do you just mount it or do you use the NTFSProgs or NTFS-3g together with FUSE to access it?
If you just mount it, and thus use the kernel-driver, you won't be able to write on the drive. If you use either the NTFSProgs or NTFS-3g, you might want to try using the one you're currently not using.
I've experienced a couple of times that I couldn't delete a file in Windows, but never have seen a file resist Linux... |
_________________ "..., if it not the destiny has reduced us together, then who?"
"may u die tomorrow in jesus name"
"The devil has eaten away your soul as you will decay in the hail fire, so go and die with your dyning devil hopless devil advocate."
"This is what i sent to them am not with any money to go back to nigeria pls help."
(0.25 go to fake_buster)
x4 Wole A.: Akure, Nigeria to Cotonou, Benin, Akure, Nigeria to Tanguieta, Benin (both with Thomas-the-Tank and Simba), Akure, Nigeria to Kano, Nigeria (with TtT and OD), Akure, Nigeria to Abidjan, Cote d'Ivoire (with TtT)
|
|
|
|
Miss Behaving
Master Baiter
Joined: 20 Apr 2006
Posts: 190
Location: Down the bookies
|
Posted:
Sun Jan 06, 2008 11:05 am |
|
I used to try overwriting the file with one of the same name - e.g.
Change undeletable filename to 'trash.txt'
Save a txt file into the same folder as 'trash.txt'
confirm that you want to overwrite it, then delete trash.txt.
Might work for you if you can do that through Linux or sommat. |
_________________ Come to the dark side, we have sweeties.
I bait scummy flatshare/rental scammers. PM the details if you encounter one!
x 5 |
|
|
|
Ivor Grimey Colon
"Trophy slut"
Joined: 16 Jun 2005
Posts: 1338
Location: England
|
Posted:
Sun Jan 06, 2008 12:47 pm |
|
This seems far too simple to be the cause, but it's all I can think of:
Is the device an NTFS volume, and if so, do you have the NTFS-3g filesystem driver installed? Otherwise, Linux won't be able to write changes (and therefore delete files) on the volume.
Edit: Damn, didn't read rootuser's post |
_________________ x25 x24 Togo-Ghana "If i tell you that i am happy the way you are playing me i am a lier" - Uche Onwuka
"YOU ARE AN IDIOT AND SON OF A BITCH" - Barrister Melodie Bekee
"If your bait does not cause an ethics thread, you are not baiting hard enough." - YeaWhatever
Pimp My Number | A Donation a Day keeps Nurse Nasty at bay |
|
|
|
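The check rootuser and Ivor Grimey Colon ask about (which driver has the NTFS volume mounted, and is it writable at all) can be read from `/proc/mounts`. This is an added example, not code from any poster; the function names and the sample mount lines are constructed, and it assumes NTFS-3g mounts appear with filesystem type `fuseblk` while the kernel driver appears as `ntfs`.

```shell
#!/bin/sh
# Added example. The mount lines below are constructed sample data.

# /proc/mounts format: device mountpoint fstype options dump pass
sample_mounts() {
cat <<'EOF'
/dev/sda1 /media/sda1 ntfs ro,relatime,uid=0,gid=0 0 0
/dev/sdb1 /media/sdb1 fuseblk rw,nosuid,nodev,user_id=0,group_id=0,allow_other 0 0
/dev/sdc1 /media/sdc1 fuseblk ro,nosuid,nodev,user_id=0,group_id=0,allow_other 0 0
EOF
}

# classify_mount MOUNTPOINT  (reads mounts text on stdin)
# Prints "<driver>-<ro|rw>", or "not-mounted".
classify_mount() {
    awk -v mp="$1" '
        $2 == mp { fs = $3; opts = $4; found = 1 }  # last entry wins
        END {
            if (!found) { print "not-mounted"; exit }
            mode = "rw"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
            if (fs == "ntfs") drv = "kernel-ntfs"
            else if (fs == "fuseblk") drv = "fuse"   # how NTFS-3g mounts appear
            else drv = fs
            print drv "-" mode
        }'
}

# probe_dir_write DIR: create and remove a scratch file beside the stubborn one.
# "dir-writable" means the volume takes writes, so the problem is that one file.
probe_dir_write() {
    f="$1/.write-probe.$$"
    if ( : > "$f" ) 2>/dev/null && rm -f "$f" 2>/dev/null; then
        echo dir-writable
    else
        echo dir-not-writable
    fi
}

for mp in /media/sda1 /media/sdb1 /media/sdc1 /media/none; do
    printf '%s\t%s\n' "$mp" "$(sample_mounts | classify_mount "$mp")"
done
```

On a live system, feed it the real table with `classify_mount /media/sda1 < /proc/mounts`, then run `probe_dir_write` on the folder that holds the file.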
D11
Elite Baiter
Joined: 02 Jul 2006
Posts: 1702
|
Posted:
Sun Jan 06, 2008 4:13 pm |
|
Yup, it's definitely using the right NTFS tools; it can edit, write and delete all the other files on the mount, only those 2 refused to budge.
In the end what I did was use Linux to cut the 200+ gigs onto a 3rd drive, which it did; as it wouldn't move any infected files it was quite cool.
I then called in another mate to sort out the final bit. In years I've never seen a file that Linux as root can't take ownership of and delete. I've had corrupt files, broken NTFS, the lot, and Linux has always sorted it; this time it wouldn't budge.
As a side note, this issue is now solved - had to flatten the drive (repartition it etc.) - but having a Linux live CD is a good idea for everyone, even if they only use Windows - when things go wrong at least Linux can get in deep and help move the other stuff. Also Linux copies files faster than Windows. In Windows I'm not sure, I've never had to copy 200+ gigs before - but Linux SUSE live 10.2 took 4 hours 8 minutes - don't think Windows can do it that quick |
|
|
|
mark2
Not quite a Newb
Joined: 24 Jan 2005
Posts: 28
Location: South West UK
|
Posted:
Sun Jan 06, 2008 6:19 pm |
|
I've just experienced a similar problem with several txt files in a folder in winblows, access denied, copied the folder to a usb key using puppylinux, rebooted to winblows, an empty folder, back we go copied the files 1 by 1, rebooted tried to copy them into the necessary folder and overwrite, access denied, deleted the whole folder (in windows) then created the new one then they copied across fine. |
|
|
|
|
D11
Elite Baiter
Joined: 02 Jul 2006
Posts: 1702
|
Posted:
Sun Jan 06, 2008 9:36 pm |
|
@mark Linux normally can shift even the most stubborn files, or at least crush them to bits and reset them. The two on that drive simply refused to be moved or deleted (in Windows you could not even see them and access to the folder is also denied).
As they were Windows mui extension, Linux certainly would not have had them in use. That was me thinking: as Linux couldn't run them, the virus couldn't continue on its course - that bit I got right, but deletion proved a nightmare.
@miss behaving because of the access denied on the file in its entirety, rename could only be done by sheer brute force using Linux. I also used Linux to kill the partition.
My best guess as to how it was done is in the disk something nasty got low level into the 512k and locked itself from there, thus Linux was forced to see the same permissions Windows did - because when I tried a simple reformat I got the same - access denied. So I just ran Linux's best command -
Code: |
fdisk /dev/sda1 << windows stole that lol
then the P to see the partitions, then the D to delete 'em, which is sda1 so we select 1 as that's correct, and kaboom, problem gone. Now it's just a case of clicking n and then p and then 1, then let it do it default - you really want the primary partition to begin at cylinder 63; then you're asked where to end, again just click return - Linux will begin at the start - cylinder 63 sector 1
next you need to know the filesystem code; NTFS is listed if you press L, as are others such as 83 for the standard Linux ext2 system, but I chose the Windows one. Anyhow, then I just had to fsck it up (that's not a swear word lol, it's a command to format it :twisted: ) |
A few notes if you follow that little tutorial above to use Linux to partition and format a drive - I didn't mention mkfs or any prep work that needs doing; it's accurate but incomplete, so don't blindly follow that. |
|
|
|
|