How to delete Trojans hidden under the aux, com1, com2, prn, con, and nul device names

Source: Internet
Author: User

In Windows, the following words cannot be used to name files or folders: "aux", "com1", "com2", "prn", "con" and "nul". These are device names, equivalent to DOS devices. If we try to give a file one of these names, Windows mistakenly concludes that a duplicate name exists, so the system prompts "you cannot create a file with the same name" or similar.
Of course, there are some special ways to get around this and create a folder named after one of these devices. For example, executing "md C:\aux\" at the command prompt creates a folder named aux on the C drive. Although this folder can be created and accessed, it cannot be deleted, because Windows does not allow devices to be deleted in this way. In the system's view, this aux folder is a device. So, how do you delete such files and folders? You only need to give the file path and file name in the complete UNC path format, that is, the path format used by Network Neighborhood. For example, to delete the aux folder on drive C, run: rd /s \\.\C:\aux. Here rd is the command-prompt command for deleting folders, and the /s parameter extends the deletion to everything in all subdirectories. Likewise, to delete the nul.exe file in the temp folder of drive C, run del \\.\C:\temp\nul.exe at the command prompt.

In Windows, files or folders cannot be named after devices. These device names include aux, com1, com2, prn, con, and nul. However, a vulnerability in Windows 2000/XP allows a file or folder to be given a device name, so that Trojans can be hidden in it without being detected.

On the server, open Folder Options > View and clear the "Hide protected operating system files" check box, then check whether the files carry the RHSA attributes (system files) and cannot be deleted or moved.
Then, how do you completely delete these files? First, run cmd and enter the following command:
rmdir \\.\D:\wwwroot\test\wwwroot /s /q
Note: D:\wwwroot\test\wwwroot is the directory where your website is located (replace it with your own). Before executing the preceding command, move the website program to another directory.
These files can be permanently deleted by running the preceding command 1-2 times. Also fix the website vulnerability that let the files in, which is generally the aux.asp;aux.jpg webshell upload vulnerability.
This method has some advantages, but the website operation cannot be stopped. In addition, you can use tools to solve such problems.
The deletion method is as follows:
Step 1: On the server, open Tools > Folder Options > View, clear the check box in front of "Hide protected operating system files (recommended)", and select "Show all files and folders".

Check the creation time of the Trojan file and search for other files created at the same time.

Step 2: Download Unlocker or a brute-force file deletion tool to delete these files.

Method 3 is the simplest and most convenient. You can run the following commands to delete the file or folder:

rem %1 is the file or folder dragged onto this .bat file
del /f /a /q \\?\%1
rd /s /q \\?\%1

Save the above commands as a file with the .bat extension, and then drag the files or folders that cannot be deleted onto the .bat file.

I have verified that the third method is simple, convenient, secure, and reliable, and is not prone to misoperations.
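
The following is an added example, not part of the original article: a Python scanner that walks a copy of the web root, flags every entry whose name resolves to one of the device names above (including forms such as nul.exe and aux.asp;aux.jpg), and prints the matching del/rd command with the \\?\ prefix for review. The function names, the sample tree and the quoting of the path are assumptions of this example; the web root is the article's D:\wwwroot\test\wwwroot.

```python
import ntpath
import os
import tempfile

# Device names listed in this article; Windows reserves others too (e.g. LPT1).
RESERVED = {"aux", "com1", "com2", "prn", "con", "nul"}

def is_reserved(name):
    """True if Win32 path parsing would map this name to a DOS device."""
    # Only the part before the first dot is compared, case-insensitively,
    # so "nul.exe" and "aux.asp;aux.jpg" both count.
    return name.split(".", 1)[0].rstrip(" ").lower() in RESERVED

def find_reserved(root):
    """Return sorted (relative path, is_dir) pairs for reserved names under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_reserved(name):
                full = os.path.join(dirpath, name)
                hits.append((os.path.relpath(full, root), os.path.isdir(full)))
    return sorted(hits)

def cleanup_command(win_path, is_dir):
    """Build the article's del/rd command, extended-length prefix included."""
    if not ntpath.isabs(win_path):
        raise ValueError("need an absolute drive path: " + win_path)
    target = "\\\\?\\" + ntpath.normpath(win_path)
    verb = "rd /s /q" if is_dir else "del /f /a /q"
    # Quoted because names such as aux.asp;aux.jpg contain cmd delimiters.
    return '%s "%s"' % (verb, target)

def demo():
    """Scan a constructed sample tree (built on a non-Windows analysis host)."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("upload", "con", "images"):
            os.mkdir(os.path.join(root, d))
        for f in ("upload/aux.asp;aux.jpg", "upload/nul.exe",
                  "con/index.asp", "images/logo.jpg", "auxiliary.txt"):
            open(os.path.join(root, f), "w").close()
        return find_reserved(root)

if __name__ == "__main__":
    for rel, is_dir in demo():
        # Web root taken from the article's example path; replace with your own.
        print(cleanup_command(ntpath.join(r"D:\wwwroot\test\wwwroot", rel), is_dir))
```

When scanning directly on the Windows server, pass the root to find_reserved in its \\?\ form so the walk can enter folders that carry device names.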
