cannot delete folders created via FTP

[vcant]

one of the servers i work with (not mine luckely) got hacked recently. Well actually not really hacked, because the ownew 'wisely' opened anonimouse FTP access to it(acting on a tip from the hosting company support ).

anywho, of course someone got in, created lots and lots of folders, and uploaded DVD movies (28 Gigs of them ).

while the guy is sorting the issue out with the hosting provider, he asked me to delete the folders, but for some reason i cannot, the folders have illegal name, and windows cannot read them. any ideas how to delete these folders?

[Robertson]

I had similar problem once. Set your ftp client to show hidden files and then delete the hidden files. As theres some .htaccess and a few others that have to be removed inidividually

[XPerties]

Set your ftp client to show hidden files and chmod the permissions to 777. If that doesn't work tell the root owner to do it. That is his job.

[vcant]

the problem is different,

first of all its windows so no .htaccess there.

the fiolders are not hidden, but have illegal windows name, so windows does not read them.(if i click properties on one of them, it shows no name, and no size, and if i click delete, it says that windows cannot read specified file)

example: the folder in windows explorer looks has the name ' blahblah ' (with some spaces before and after the name), but when i checked the FTP log, they were created as '++++blahblah+++' and for some reason windows doesnt recognize them.

i will attach some screenshots.

edit

i cannot attach screenshots, because computer has been taken offline.

edit

here is the part of the FTP log file, when the directories were created:

08:47:22 ip address[40]MKD /+/++++++aux+%20%d+0++++++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++./+ 257
08:47:23 ip address[40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++prn+%20%d+0+++++++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++prn+%20%d+0+++++++/++RandoMaze+4,1233403578366E+36++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++com+%20%d+1++++++++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++com+%20%d+1++++++++/++RandoMaze+2,82743338823081E+36++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++nul+%20%d+2++++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++nul+%20%d+2++++/++RandoMaze+6,28318530717959E+35++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++con+%20%d+3++++++++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++con+%20%d+3++++++++/++RandoMaze+4,24115008234622E+36++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++com+%20%d+4+++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++com+%20%d+4+++/++RandoMaze+7,85398163397448E+35++./+ 257
08:47:23 ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++++++aux+%20%d+5++++++++./+ 257
08:47:23  ip address  [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++++++aux+%20%d+5++++++++/++RandoMaze+7,06858347057704E+36++./+ 257
08:47:24  ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++lpt+%20%d+6+++++./+ 257
08:47:24  ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++lpt+%20%d+6+++++/++RandoMaze+3,53429173528852E+36++./+ 257
08:47:24  ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++++++aux+%20%d+7+++++./+ 257
08:47:24  ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/+++++++aux+%20%d+7+++++/++RandoMaze+3,53429173528852E+36++./+ 257
08:47:24  ip address [40] MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++lpt+%20%d+8+++++++./+ 257
08:47:24  ip address [40]MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+0+++++++/++++++lpt+%20%d+8+++++++/++RandoMaze+5,89048622548086E+36++./+ 257
08:47:24  ip address [40]MKD /+/++++++aux+%20%d+0++++++/++++++aux+%20%d+1+++./+ 257

[dvprao]

I also have a similar issue.

I deleted all the cd image files but there are some empty folders which i can not seem to delete. I can see a zip file but can not access it. The filw shows as though it has a size etc.

Any hint on how to sort this out will be of great help.

Thanks in advance to any one who responds.

[Thanatos]

They include AUX, its one of windows' 'reserved words', like CON, PRN etc. You can't create folders with those names under windows. The only thing I can think of is to try to delete them under linux

[possumus]

Hello to everybody. I'm from Argentina and I have a very bad english. Sorry for that.

The folders created at the moment of hacking can be deleted with Norton Commander. You can do this locally or in a terminal server session, or mapping a network unit (the unit that contain the folders) and running the norton commander.

I have been hacked two times, and I quit the anonimous access for ftp. I hope that will stop them.

[ChrisG631]

u can delete the dir's in dos..just use:

rmdir /s "path"

[XPerties]

and I quit the anonimous access for ftp.

Bad. I don't allow it on my servers and never will. Your asking for trouble.

[jlw747]

I have the same problem as 'vcant'. It is a Windows XP machine and the folder is on a RAID drive.

I have tried all the 'safe mode' 'command prompt' etc, tried the rmdir /s but none of it works.

I would really appreciate any help!!

[jlw747]

I have just received an e-mail which has fixed this problem

use dir /X to get the 8.3 folder name

then RD /S and path\8.3 foldername

It would not work over a network 'mapped drive', I got 'access denied'.

Tried it on the machine with the problem folder and it worked like a charm.

Thanks to sarthed.

[ayehia]

You must be logged on locally to the Windows-based computer to delete these files.

If the file was created on a file allocation table (FAT) partition, you may be able to delete the file under MS-DOS by using standard command line utilities (such as DEL) with wildcard (*) characters, for example:

DEL PR?.*

-or-

DEL LPT?.*

These commands do not work on an NTFS file system partition. For this case another option would be to use a syntax that bypasses the normal reserved-word checks altogether. You may be able to delete any file by using a command like this:

DEL \\.\drive letter:\path\file name

For example:

DEL \\.\c:\somedir\aux

If the name in the file system appears as a directory, you may be able to delete any directory by using a command like this:

RD \\.\drive letter:\path\directory name

For example:

RD \\.\c:\somedir\aux

[FthrJACK]

The folders will be full of warez.

as you know the paths for them, connect to the FTP using a client and put the path in the browser bar and see whats inside the folders.

people scan ip ranges and then create these folders to fill with warez as you probably know. But i think you can delete them under DOS.

Also, maybe turning windows file protection off will help? ive never had to do this so im going on a limb here.

[jchapz29]

You have to figure out the generated short names, then use rmdir /s to remove the directories by these short names. To find out what the short names are, use dir /x from a command prompt. You cannot delete these types of folders from the top level. You have to cd (change dir) to them, all the way to the bottom of the structure, and work your way up.

[Famer]

Hard format is what i hear coming next if he cant wipe the folders offf the system