Recently I went through a ransomware attack, I was arrogant enough to leave RDP open on my machine at home, and someone was able to brute force their way into the system, install ransomware, and totally bork up my files.
Fortunately for me, I had a large LARGE number of files, and the sheer number of files (movies, photos, documents, videos, music, etc), I caught the attack early enough that I was able to salvage some of my files, and recover a large % of those files from backups I had taken in 2018.
Unfortunately I didn't have everything backed up, and I am in the process of trying to "save" all of the "no_more_ransom" files that are now encrypted on my machine and unable to be opened. In the process of trying to migrage "Good" files to clean drives, and "bad" files to a backup drive I needed to salvage my 1tb SSD that had Windows installed on it. In the process of trying to move things around and utilize that drive, without simply formatting it (which will come later) I needed to remove all files from the Windows Directory, and the various Program Files directories.
I was unable to remove a large number of files in those directories however, due to them being system files and permissions not allowing me to delete. I did manage to come up with a few command line tools that I could use to unlock those files and delete them from the device, I wanted to document them here in case I need them in the future, or perhaps they will help others.
BE FOREWARNED YOU SHOULD NOT DO THIS ON DRIVES YOU CARE ABOUT, USE AT YOUR OWN RISK
To do this, I opened a CMD (command) window by clicking on START>Run> and typing CMD. Right click on the option that shows up and choose "Run as Administrator"
From there you need to "Take Ownership" of the directories, you can run the following command in a directory you want to ultimately delete, in my case I was deleting files on g:\windows
takeown /R /F *
After that I simply needed to reset all the permissions/access control list with the following command:
ICACLS * /T /Q /C /RESET
After that I was able to hard delete the files from the Windows Explorer by pressing Shift-DELETE on the directory I wanted to remove.
Read More at weblogs.asp.net:443