1

there is a dir called C:\dcfa827bc56b26f4dc922bb28e on my hard disk that is protected or something and I can't view any files in the subdirs Program Files and Setup. I think this may be a rootkit, because I am admin, and still can't do anything. is there any way to delete or change the permissions on the file so I can see what's in it? Thanks

Nate Koppenhaver
  • 3,649

3 Answers3

1

Try this as an administrative user:

  1. Go to Tools > Folder Options > View tab and make sure Use simple file sharing is turned off. If you use Windows XP Home Edition, you cannot do this, and will need to reboot into safe mode to complete the rest of the steps.
  2. Go to My Computer and then to drive C:.
  3. Right-click on the offending folder and click Properties.
  4. Switch to the Security tab, select Advanced, and switch to the Owner tab.
  5. Select your user account from the list.
  6. Check the Replace owner on subcontainers and objects box.
  7. Click OK. It may take a moment to apply the permission changes.
  8. Back in the main properties dialog, make sure your user account has Full Control permissions.
  9. Click OK.

You should now be able to fully browse, modify, and delete that folder and its contents.

Patches
  • 16,572
0

Not sure if it is just locked or you do not have access so giving answers for both scenarios:

This is most likely just a temporary folder by a Windows update or a setup which is currently running in the background. It could be malicious, but it is unlikely and I highly doubt it is a rootkit.

Download Microsoft / Sysinternals Process Explorer, and click the find icon and copy and paste the directory name in to it, it should allow you to see what process is holding on to it, and you can then kill it, or just let it continue to do its thing.

If however it isn't, and you are using XP Pro, go to Tools > Folder Options and disable Use Simple File Sharing, then right click the folder and go to the security tab. You should be able to add your account and take full control over the folder. If you are using XP Home, go in to Safe Mode to do it. (Or download third party software).

William Hilsum
  • 117,648
0

It looks like garbage after sp installation. Remember to carefully delete unknown files/ folders :)

To delete blocked by system process files/ folders I recomend Unlocker (http://download.cnet.com/Unlocker/3000-2248_4-10493998.html)

Adam RichardSon
  • 372