I'm sorry if I wasn't clear. The computer I am running the script on is running a copy of Windows XP. The hard drive being cleaned up via the batch script is from another computer and plugged in via an IDE to USB adapter. The hard drive being cleaned up is NOT running an active operating system but it DOES have a SERIOUS virus problem. I clean up hard drives like this on a regular basis and it doesn't cause a problem; right now all I'm trying to do is automate the process. This cleanup process is the last attempt at saving an OS before calling it quits and reinstalling Windows, therefore there is nothing to lose by trying some risky cleanup procedures.
Billy O, on Feb 9 2010, 11:59 AM, said:
Hello, Will

- I strongly encourage you to use a turnkey solution such as CCleaner instead -- it's going to be much more comprehensive as it does much more than delete files. For example, it can compact the SQLite databases used by the Mozilla Firefox and Google Chrome browsers.
Seeing as the drive is an external drive... CCleaner will not work. CCleaner will only clean up the ACTIVE operating system; I have already tried using CCleaner for this task and it was to no avail. Although if you know how to MANUALLY clean up the temp directories for Mozilla Firefox as well as Google Chrome, that information would be useful.
Quote
%*DRIVE*%\Pagefile.sys is not a temporary file. You cannot delete it while the operating system is running in any case. It is the system paging file, where memory pages which do not fit in physical RAM are relocated. You should never attempt to delete this file.
Pagefile.sys is okay to delete if the drive is an external drive and not running an OS. Once the computer shuts down the Pagefile.sys file is no longer needed. Also, seeing as pagefile.sys holds memory pages that do not fit into RAM, live malicious code that did not fit into RAM tends to be stored in it as well. Therefore, it is going bye-bye.
Quote
%*DRIVE*%\Hiberfile.sys is not a temporary file, it is the system hibernation memory cache. When the system enters hibernation, the system memory is copied to this file before the system is shut down, which allows the system to resume to a saved state. You should never attempt to delete this file, and you can't while the operating system is running in any case. If you don't need hibernation support, you can disable hibernation support. After hibernation support is disabled, the operating system will remove this file on the next reboot automatically.
Same scenario as before, however turning off hibernation is not necessarily what I intend to do, only to remove any possible malicious code that was in memory the last time Windows went into hibernation. The next time Windows hibernates (if all goes as planned) the computer will no longer have a virus problem.
Quote
%*DRIVE*%\WINDOWS\Downloaded Installations and %*DRIVE*%\WINDOWS\Downloaded Program Files are not temporary files, they are the ActiveX cache for Internet Explorer. If you delete files from these locations, you need to take special care to remove the ActiveX controls correctly. To do this, you would need to parse the [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database] registry key. Failure to uninstall these correctly could damage Internet Explorer's handling of ActiveX.
Thank you for telling me this, I was unaware of that. Is there any way to perform registry key read/writes on a remotely loaded registry? (i.e. loading the registry off of the external hard drive's installation of Windows and parsing [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database])
Quote
I have not heard of %*DRIVE*%\Documents and Settings\%USER%\UserData and I do not believe it is created by the operating system, though I am not positive. Mucking around in %USERPROFILE% is probably a bad idea though.
This file is generally created by 3rd party programs for various reasons, although sometimes it is used to store information for malware.
Quote
%*DRIVE*%\System Volume Information\ is not a temporary directory, it is the repository for the Volume Shadow Copy Service, which is necessary for the proper function of the System Restore feature in Windows XP. If you remove files from this folder, any restore points created before the time you did such a deletion will be unrestorable. Additionally, this folder is generally protected by NTFS access permissions making removal difficult in any case. If you don't need system restore, I suggest you turn it off correctly which will automatically empty this folder the next time the system is rebooted after the shutdown of system restore.
System volume information tends to store a HUGE (and I emphasise H-U-G-E!!!!!!) amount of malicious code! It also nearly triples (if not more so) scan time on an external drive (which a full hard drive scan with a-squared is performed after the batch script). Seeing as the computer has a serious virus problem and generally the System Volume Information is infected with a massive amount of malicious code, using System Restore will only cause more problems at this point. I will be deleting it, and it can safely be deleted as long as the active OS is not running off of the drive in question. It is not difficult to delete either, using a cacls loop in cmd prompt takes full ownership of the folder, then a simple rmdir command will delete the entire file. I tried to express I had FULL control (maybe I should have said ownership, that was my mistake) of all of the folders and files on the drive.
Quote
I hope that helps,
Billy3
I do appreciate your response and effort... although all you did was tell me NOT to do what I am doing...
P.S.
I found another one while thumbing through files:
%*DRIVE*%\WINDOWS\Prefetch
Any suggestions as to where Windows stores program data and temporary files would be appreciated.
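
The post asks whether the registry of the offline installation can be read from the working machine. As an added example (not part of the original thread), the batch script below mounts the external drive's SOFTWARE hive with `reg load`, dumps the Code Store Database key, and unloads the hive again; the drive-letter argument and the `OFFLINE_SW` mount name are assumptions made for this example.

```batch
@echo off
rem Added example: read the Code Store Database key from an offline Windows
rem installation by mounting its SOFTWARE hive under a temporary key name.
rem Assumptions: %1 is the drive letter of the external disk (e.g. E:),
rem and OFFLINE_SW is an arbitrary, unused key name chosen for this example.
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 DRIVE:
    exit /b 1
)
set "HIVE=%~1\WINDOWS\system32\config\software"
set "MOUNT=HKLM\OFFLINE_SW"

if not exist "%HIVE%" (
    echo Hive not found: %HIVE%
    exit /b 1
)

rem Mount the offline hive under HKLM; requires administrator rights.
reg load "%MOUNT%" "%HIVE%"
if errorlevel 1 (
    echo Could not load %HIVE%
    exit /b 1
)

rem Dump every ActiveX entry recorded by the offline installation.
reg query "%MOUNT%\Microsoft\Code Store Database" /s
set "RC=%ERRORLEVEL%"

rem Always unload, otherwise the hive file stays locked on the external drive.
reg unload "%MOUNT%"
endlocal & exit /b %RC%
```

While the hive is mounted, changes made under `HKLM\OFFLINE_SW` are written to the file on the external drive, so the same mount point works for writes as well as reads.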