Summary of Malformed Windows files

I don't know if you have encountered some situations where files or folders cannot be deleted while using your computer. Of course, there are many reasons for deletion failure. We recommend that you use the 360 unlock function for normal objects that cannot be deleted due to "the file is in use", although it is not very easy to use, however, it is not found that the software is better than it currently (360 is helpless on Windows 7, but I recommend a software for Windows XP: Super patrol force Delete (click to download ). It can only be used on XP and can delete any file, regardless of whether the file is used, including the operating system .).

This article mainly describes some cases where windows system vulnerabilities cannot be deleted. Some malware often exploit system vulnerabilities to create malformed and illegal files... . According to my knowledge, a total of five methods are used to create an illegal file, which are listed as follows (the CMD command is run in cmd, and MD is used to create a folder ):

1,MD c :\... \The folders created in this method are hidden, unopened, and undeletable. Of course, hiding is not a common hiding, which is invisible in the Windows built-in Resource Manager.

2,MD "C: \ test/"Add spaces and quotation marks. The folder created in this method is visible and can be opened. You can create, copy, and delete files under the folder, but cannot delete them. A typical feature is that there are spaces at the end of the folder.

3,MD c: \ test... \This is the most common. The folder created in this method is visible, not open, and not deleted. A typical feature is that the folder tail has ".".

4,MD\. \ C: \ con \In this way, a file with the same device name is created and cannot be deleted. The file may be inaccessible based on the actual situation of the system. Because the folder name must be the same as the device name, the typical feature of this method is that the folder name is fixed in one of the following: con, aux, COM1, com2, PRN, NUL.

5,Ultra-long file name. Some folders with too long names are nested, leading to inner folders being inaccessible due to the path name process. For example, c: \ 111... 1 \ 111... 11 \ 111 .... 1 \ 2 \ at this time, the 2 folder at the bottom won't be accessible.

The above is what I know about illegal Folder creation.CubeMethod. Note that the unaccessible and undeleted mentioned above refer to the Windows resource manager. You can use the CMD command to operate these folders. Otherwise, what is the significance? When operating these files with the Windows built-in manager, you will often see the error prompt: The target does not exist, the system could not find the project, path error, parameter error, invalid MS-DOS function and so on similar prompts.

Next we will explain how to operate these folders.

For the firstThis method is basically no longer valid because it is only valid on Win98. It is estimated that Win98 is not used now, so it is skipped.

For the second and third typesThe two methods can be killed by one killer. The alias is used. We don't need to consider how the folder is structured or how it is built. Just look at its alias and you can operate it freely. The alias can be viewed by using the Dir command +/X parameter. For example, the Dir c: \/X command is used to view all files in drive C and display aliases.

 

We can use the alias to operate this file at will, for example, to access cd c: \ ab259 ~ 1 \ Delete RD c: \ ab259 ~ 1 \.

for the fourth method, the files created by this method are special, can I use a Windows built-in manager to access the system? What should I do if there is no alias? Let's recall how it works: Create an illegal file with the same name as the device using the network location. This statement indicates that the built-in manager cannot be operated because it is in the network location, so we can add the network location during access! Add \\. \ in front of the path \\.\. For example, enter Cd \\. \ c: \ con \delete RD \\. \ c: \ con \ . There are several types of such folders, which should be well recognized!

For the fifthThis method is a good solution. Isn't it because the path is long and cannot be accessed? Let's start with the outermost layer. First, we should change the name of the outermost folder to a short one. Then, the system will gradually collapse. Why not start from the inside? Because the inside path is too long, access is not allowed in windows, but cannot be renamed. If these ultra-long folders are manipulated (combined with the above vulnerabilities) and cannot be renamed, then... Our cmd killer: alias! These ultra-long folders must have aliases! From another perspective, you can use the 8.3 naming method to access these ultra-long folders, that is, using short file names. The 8.3name method does not contain more than 8 file names, and the extended name does not exceed 3. For example, 123456789.txt is written as 123456 ~ 1. txt.

Thank you for your corrections, comments, and supplements!