Have not tried chkdsk -- good idea. Cacls/icacls usually works Del *.* /p works if the blank is not in a directory where other files reside that I cannot blanket delete. (such as sytem32)
Believe I found a way to find these blanks. We have an ARK tool I can specify directories to scan from cmd line so that should work. I forgot about being able to specify directories for it to scan. Tool did pick up a blank buried in the windows\install directory. Just a few directories that seem cacls/icacls refuse to work. (GAC_32 & GAC_64) Have to re-visit the ark tool and see about having it rip out those files. Quite a bit of the time yes -- wipe/reload is chosen due to the nature of the beast being fought, what the system is being used for, etc but not everyone has this luxury because either the admin for whatever reason has no backups or in case of it being an end user there are rarely ever recovery CDs that come with PCs anymore. (but these arguments are another subject entirely lol) -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Monday, October 31, 2011 8:35 AM To: NT System Admin Issues Subject: Re: Renaming blank files from cmd line On Sat, Oct 29, 2011 at 3:47 PM, Tammy <[email protected]> wrote: > However if this file is there along with a bunch of others that cannot be moved out (even temporary) obviously I can't do del *.*. Some things that may be useful that I haven't seen mentioned yet: CHKDSK CACLS *.* ... DEL *.* /P Also, if the system's been compromised, I usually start with a disk wipe and reinstall from known-good media. Presumably you judge the cost of that to be too high for whatever reason, but keep in mind that if the system has been compromised, you can't really ever be sure you've "cleaned" it. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
