I can't delete this file !!

yehdev_cc · 2008-09-04 08:41:07

Hi,
Actually I'm really facing a very strange situation..
It happened that I have a file that all the permissions it has is that it can be read by its owner..
and to make it even more odd, the owner is 'root'...
I can't figure a way to remove this file, but I really have to..
It all started when I tried to remove a probable virus file from a 'ntfs' partition..
but when I mounted this partition, I found that I can't delete this file...
Oh, I forgot to say that I couldn't delete it from windows either, so ???
Any help is appreciated ..
thanx in advance..

richs-lxh · 2008-09-04 08:54:58

Have you got read/write permissions for the ntfs partition? This would explain why you can't delete it from Linux.

If you mount the ntfs partition with r/w, you can issue the

sudo rm -f

command to force a delete.

Basically, you create a folder to mount the partition to, then add the ntfs partition and mount directory to your fstab.

Something like this:(if your ntfs partition is hda1)

/dev/hda1 /media/hda1 ntfs defaults 0 0

You'll need the ntfs-3g driver installed to obtain write access to the ntfs drive, it's in the repositories.

There are free programs available for Windows which will remove problem files:
http://ccollomb.free.fr/unlocker/

richs-lxh

Last edited by richs-lxh (2008-09-04 08:58:28)

yehdev_cc · 2008-09-04 09:03:09

Thank you for your reply..
Actually yes, I can write to the disk normally, except for this file because of its permissions that grant no more than the ability to read to its owner... no more no less !!
???!!

richs-lxh · 2008-09-04 17:31:03

Ok, so you just change the ownership of the file.

To change the owner:

sudo chown yehdev_cc:yehdev_cc /windows/system32/bad_file.dll

To get write permissions:

sudo chmod 755 /windows/system32/bad_file.dll

The other way, in Kde and Gnome, is to mount your file browser as root and just go looking for the file and delete it.

To open a graphical app as root:
kdesu app (kde)

kdesu konqueror

gksudo app(Gnome)

gksudo nautilus

richs-lxh

Last edited by richs-lxh (2008-09-04 17:38:05)

moljac024 · 2008-09-04 18:10:38

Just mount it with ntfs-3g and purge it with shred!

man ntfs-3g

man shred

yehdev_cc · 2008-09-04 21:14:03

Thank you for the replies...
@richs-lxh : The problem is that I don't have the permission to change the owner or the permissions.. even the owner of the file (it's the 'root') doesn't have this permission!!

@moljac024: I didn't get what you mean... what's this supposed to do ?

richs-lxh · 2008-09-04 21:56:50

yehdev_cc wrote:

Thank you for the replies...
@richs-lxh : The problem is that I don't have the permission to change the owner or the permissions.. even the owner of the file (it's the 'root') doesn't have this permission!!

If you mount the ntfs partition, change ownership and make it writeable, you can do whatever you want to any file. Root is God

Ok, so go for installing ntfs-3g.

Now mount the partition to a directory called /windows.

You can chown the owner of the entire partition recursively with the -R switch. For example:

su to root

su

make a mount directory

mkdir /windows

backup fstab before editing

cp /etc/fstab /etc/fstab_backup

open fstab with nano

nano fstab

copy and paste this code (change hda1 to your windows partition) Then "ctrl+X" to exit "Y" to save and "Enter" to quit.

/dev/hda1 /windows ntfs defaults 0 0

mount all partitions

mount -a

change owbnership to root, recursively, every single file (may take a few minutes)

chown -R root:root /windows

add write permissions, recursively, every single file (may take a few minutes)

chmod -R 755 /windows

Now go and delete the file. If you can't delete the file I would really like some further information on what virus it is/was, as I have never had any Windows file which I couldn't remove as root.

PS: If you have "System Restore" enabled on Windows, disable it and delete it. It's the first place where all the nasties go to hide, and then reinfect the system later.

richs-lxh

Last edited by richs-lxh (2008-09-04 21:58:59)

chimeric · 2008-09-05 09:41:09

richs-lxh wrote:

change owbnership to root, recursively, every single file (may take a few minutes)
chown -R root:root /windows
add write permissions, recursively, every single file (may take a few minutes)
chmod -R 755 /windows

You most probably not want to do the above, if, then just do that recursively for the directory tree the file resides in, but not for the whole disk!! My strongest guess on why you can't delete it under Windows is that it's probably used by a process, and you probably can't delete it under Linux because the directory permissions don't allow you to do that. I'd suggest to start windows in failsafe mode, without GUI, just a shell session and then remove the file (worked most of the time for me).

richs-lxh · 2008-09-05 12:05:18

chimeric wrote:

You most probably not want to do the above, if, then just do that recursively for the directory tree the file resides in, but not for the whole disk!!

Why not exactly? It only takes a few minutes more. Whatsmore, in my experience, if there is one infection, there is more than likely a few more hidden away in other directories. Hence the reason of taking ownership and write permissions for the entire OS in one go. Saves having to add another directory tree later.

My strongest guess on why you can't delete it under Windows is that it's probably used by a process, and you probably can't delete it under Linux because the directory permissions don't allow you to do that.

No need to guess, that is an absolute certainty. This is why I offered the link for the file-deleter. It will remove the file at boot before the process is started. Whatsmore, on top of that, safe mode will not guaruntee that you will get access to an .exe file (virus) which has attached itself to a system file which will start even in safe mode.

I'd suggest to start windows in failsafe mode, without GUI, just a shell session and then remove the file (worked most of the time for me).

Most of the time isn't very reassuring. What I have proposed has worked every time. I have been unlucky enough to have to clean a lot of (other people's) infected Windows boxes. I have always performed the task from Linux after taking control of the Windows partition.

richs-lxh

Last edited by richs-lxh (2008-09-05 12:05:43)

chimeric · 2008-09-05 12:27:53

richs-lxh wrote:

chimeric wrote:
You most probably not want to do the above, if, then just do that recursively for the directory tree the file resides in, but not for the whole disk!!
Why not exactly? It only takes a few minutes more.

I just fail to see why one should do that just to get rid of one file. If that worked for you in the past, then good, but IMHO it's not needed. After all, are you really sure that all files on his partition should be owned by root exclusively? Just my 2cents.

richts-lxh wrote:

Most of the time isn't very reassuring.

If it would have worked every time for me, I'd said so. All I did was suggesting another possible method . Not more not less. I hope that's OK.

moljac024 · 2008-09-05 16:19:12

Is changing ownership to root really necessary ? Just open up a root shell or a file manager with root privileges and try to delete it.

The shred command that I mentioned makes it really hard for the file to be recovered (it overwrites it a few times, while a normal "delete" just removes the link to the data, kind off. It's hard to explain).

richs-lxh · 2008-09-05 19:14:40

chimeric wrote:

richs-lxh wrote:
chimeric wrote:
You most probably not want to do the above, if, then just do that recursively for the directory tree the file resides in, but not for the whole disk!!
Why not exactly? It only takes a few minutes more.
I just fail to see why one should do that just to get rid of one file. If that worked for you in the past, then good, but IMHO it's not needed. After all, are you really sure that all files on his partition should be owned by root exclusively? Just my 2cents.

I am just trying to save the guy some time, when he has to remove future viruses (which I am sure he will have too). I see your point, but as I said, on a Windows box, if there is one infection, you can almost guaruntee that there are more.

I cleaned up a box for a mate once, he said that it was running a bit slow. Over 500 infected files. Granted that many were duplicates in the System Restore directory, and others were harmless spyware, but he had some juicy little buggers hidden in there as well.

richts-lxh wrote:

Most of the time isn't very reassuring.
If it would have worked every time for me, I'd said so. All I did was suggesting another possible method . Not more not less. I hope that's OK.

Yeah, point taken. Very OK. There is always more than one way to skin a cat

I have just found that it's sometimes quicker in the long run to have "access-all-areas" instead of going through the same permission problems again for seperate directory trees. Just as if a system is completely borked, I reinstall, others would tinker and try to fix. I like all or nothing.

richs-lxh

yehdev_cc · 2008-09-06 00:28:01

Thank you very much for the replies... I really do appreciate them..
First, I managed to remove the file from windows by using the program recommended by 'richs-lxh', after a reboot...
Second, the previous solutions failed under Linux, and I think the reason is obvious.. to change the permission and/or ownership of a certain file, you should have the permission to write to it.. and since I don't... I couldn't..
It was really a a very odd situation because:
1) The file is owned by 'root'
2) The owner can ONLY read the file !!
3) and of course no other one have this permission
It's good that it was on NTFS partition and I got that program, but think about it if it's an ext3 partition, what would be the solution ? (yes, I know that even an idiot wouldn't get stuck this way, but just think) may be we can use the ext3 program for windows that doesn't care much about permissions...may be..

richs-lxh · 2008-09-06 08:09:18

I'm glad you got it solved yehdev_cc.

Although I am pretty certain that with ntfs-3g (installed and enabled/configured) you would have been able to delete it, as you would have had write permissions as well (which are needed to delete files).

By the way, just as an addition (in case spmebody else is reading this thread, with the same problem). Sometimes you need to right click the file form linux and edit the permissions there, usually as root via gksudo nautilus.

richs-lxh

Reploid · 2008-10-03 01:48:30

Can I hijack this thread with another file that won't let it delete itself? Seeing as this thread shows up when I am searching for a solution, and the original problem got solved, I thought I could add one problem here.

Running ls -la in my home folder (username: yo)
dr-x------ 2 yo users 0 2008-10-03 00:13 .gvfs

Running ls -la as su:
d????????? ? ? ? ? ? .gvfs

I can't chmod it, chown it, rm -r it, nothing works.

I have no idea what kinda file this is, and I get this error message when I am logging in from GDM, that the session can't be saved, because I don't have write permissions to my entire home folder. Now ain't that cool, huh?

(going offline for a few hours, don't get upset if I don't reply right away. )

mrunion · 2008-10-03 02:10:13

Don't delete that file......it's part of the Gnome Virtual File System.

dmz · 2008-10-03 02:27:18

mrunion wrote:

Don't delete that file......it's part of the Gnome Virtual File System.

But, If I really want to delete it?

Reploid · 2008-10-03 02:50:30

Yeah! Yeah! Tell us!

dav7 · 2008-10-03 05:09:35

Try 'mount'. Among the output, you'll see that .gvfs is actually a virtual disk per se mounted using FUSE. It isn't an ordinary directory. It's used in GNOME for 345685928325 things I have no idea about.

Delete that... and then have fun fixing your system, if you must.

-dav7

mrunion · 2008-10-06 15:20:54

@dmz: If you really want to delete it I guess you could remove Gnome from the system?!?

dmz · 2008-10-06 15:21:51

mrunion wrote:

@dmz: If you really want to delete it I guess you could remove Gnome from the system?!?

That's no fun.

Arch Linux

#1 2008-09-04 08:41:07

I can't delete this file !!

#2 2008-09-04 08:54:58

Re: I can't delete this file !!

#3 2008-09-04 09:03:09

Re: I can't delete this file !!

#4 2008-09-04 17:31:03

Re: I can't delete this file !!

#5 2008-09-04 18:10:38

Re: I can't delete this file !!

#6 2008-09-04 21:14:03

Re: I can't delete this file !!

#7 2008-09-04 21:56:50

Re: I can't delete this file !!

#8 2008-09-05 09:41:09

Re: I can't delete this file !!

#9 2008-09-05 12:05:18

Re: I can't delete this file !!

#10 2008-09-05 12:27:53

Re: I can't delete this file !!

#11 2008-09-05 16:19:12

Re: I can't delete this file !!

#12 2008-09-05 19:14:40

Re: I can't delete this file !!

#13 2008-09-06 00:28:01

Re: I can't delete this file !!

#14 2008-09-06 08:09:18

Re: I can't delete this file !!

#15 2008-10-03 01:48:30

Re: I can't delete this file !!

#16 2008-10-03 02:10:13

Re: I can't delete this file !!

#17 2008-10-03 02:27:18

Re: I can't delete this file !!

#18 2008-10-03 02:50:30

Re: I can't delete this file !!

#19 2008-10-03 05:09:35

Re: I can't delete this file !!

#20 2008-10-06 15:20:54

Re: I can't delete this file !!

#21 2008-10-06 15:21:51

Re: I can't delete this file !!

Board footer