• Virus cleanup – unable to delete directories named “con.” and “nul.”

    Posted on February 10, 2011 by in OS, Security, Utility

    A barnch office in China had a virus incident where a workstation was infected with a virus, this virus created two directories on a server share named “con.” and “nul.”.  I quickly discovered that “con” and “nul” (and also “aux”, “lpt” etc etc) are protected names in Windows and you can’t create directories with such names, well you can actually by ‘cheating’;

    Create dir;

    md \\.\c:\con
    md \\.\c:\nul

    Remove dir;

    rd \\.\c:\con
    rd \\.\c:\nul

    This is all well and good, but it does not work for folders named “con.” and “nul.”, my next thought was well perhaps there is a ‘hidden’ character after the “.” (eg. the ALT+255 char) so I piped a dir to a text file for examination (dir c:\ > output.txt) however no luck it simply ended with the “.” and that was that.  Checkdisk had no luck and utilities to unlock files had no luck.

    Anyhow I put it on Technet forums and “Brent Hu” was kind enough to offer some useful advice, he pointed to a utility called “DelInvFile” from here; http://www.purgeie.com/delinv/dldelinv.htm  and in seconds the two directories was gone :-D   nice… and as the software came with 3 free deletes it did not even cost a penny, excellent.  Anyhow, if you experience invalid files/directories in your directory structure take a look at this util, it may just save your day :-)

One Response so far.

  1. garrydam says:

    I just download and use “Long Path Tool” guarantees to fix your error fast and easy.