Removing system files from a Windows Hard Drive

Recently I went through a ransomware attack. I was arrogant enough to leave RDP open on my machine at home, and someone was able to brute force their way into the system, install ransomware, and totally bork up my files.

Fortunately for me, I had a large, LARGE number of files (movies, photos, documents, videos, music, etc.), and, given the sheer number of files, I caught the attack early enough that I was able to salvage some of my files and recover a large % of those files from backups I had taken in 2018.

Unfortunately I didn't have everything backed up, and I am in the process of trying to "save" all of the "no_more_ransom" files that are now encrypted on my machine and unable to be opened. In the process of trying to migrate "good" files to clean drives, and "bad" files to a backup drive, I needed to salvage my 1 TB SSD that had Windows installed on it. To move things around and utilize that drive without simply formatting it (which will come later), I needed to remove all files from the Windows directory and the various Program Files directories.

I was unable to remove a large number of files in those directories, however, because they are system files and the permissions did not allow me to delete them. I did manage to come up with a few command line tools that I could use to unlock those files and delete them from the device. I wanted to document them here in case I need them in the future, or perhaps they will help others.

BE FOREWARNED YOU SHOULD NOT DO THIS ON DRIVES YOU CARE ABOUT, USE AT YOUR OWN RISK

To do this, I opened a CMD (command) window by clicking on START>Run> and typing CMD. Right-click on the option that shows up and choose "Run as Administrator".

From there you need to "Take Ownership" of the directories. You can run the following command in a directory you want to ultimately delete; in my case I was deleting files on g:\windows

takeown /R /F *

After that I simply needed to reset all the permissions/access control list with the following command:

ICACLS * /T /Q /C /RESET

After that I was able to hard delete the files from the Windows Explorer by pressing Shift-DELETE on the directory I wanted to remove. 
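
The three steps above combined into one elevated PowerShell script, added here as an example and not part of the original post. The `$Target` parameter and the guards that refuse the running system drive or a bare drive root are assumptions of this example; it takes the directory path explicitly instead of relying on `*` in the current directory.

```powershell
# Added example (hypothetical helper, not from the original post).
param(
    [Parameter(Mandatory = $true)]
    [string]$Target    # e.g. G:\Windows on the salvaged, non-boot drive
)

$ErrorActionPreference = 'Stop'

# Must be elevated, same as the "Run as Administrator" CMD window in the post.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Resolve to a full path and refuse anything that is not an existing directory.
$item = Get-Item -LiteralPath $Target -Force
if (-not $item.PSIsContainer) { throw "$Target is not a directory." }
$full = $item.FullName

# Refuse the drive the running Windows lives on, and refuse a bare drive root.
$systemRoot = [IO.Path]::GetPathRoot($env:SystemRoot)
$targetRoot = [IO.Path]::GetPathRoot($full)
if ($targetRoot -ieq $systemRoot) { throw "Refusing: $full is on the system drive $systemRoot" }
if ($full.TrimEnd('\') -ieq $targetRoot.TrimEnd('\')) { throw 'Refusing: target is a drive root.' }

# Step 1: take ownership recursively. /D Y answers the prompt takeown shows for
# folders the current user cannot list (the Y/N value assumes English Windows).
& takeown.exe /F $full /R /D Y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

# Step 2: reset ACLs to inherited defaults (same switches as in the post).
& icacls.exe $full /T /Q /C /RESET
if ($LASTEXITCODE -ne 0) { Write-Warning "icacls reported failures (exit code $LASTEXITCODE)" }

# Step 3: delete. -WhatIf only previews; remove it to actually delete.
Remove-Item -LiteralPath $full -Recurse -Force -WhatIf
```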


Chris Hammond

Chris Hammond is a father, husband, leader, software developer, photographer and car guy. Chris focuses on the latest in technology including artificial intelligence (AI) and has spent decades becoming an expert in ASP.NET and DotNetNuke (DNN) development. You will find a variety of posts relating to those topics here on the website. For more information check out the about Chris Hammond page.

Find me on Twitter, GitHub and LinkedIn.