Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Infection Created Symbolic Links in Microsoft Security Client Directory


  • This topic is locked This topic is locked
2 replies to this topic

#1 gabthetech

gabthetech

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:35 PM

Posted 12 September 2013 - 01:11 PM

Virus Infection Created Symbolic Links in Microsoft Security Client Directory

 

My co-worker and I have been buggered about how to removed both symbolic links and invalid directory trees.  I did find removing invalidly named directory trees worked in a Linux Environment such as Parted Magic.  But how do I remove symbolic links?  Everytime we try to delete it, we get an error:

Folder Not Empty.

 

The folders/links that were created are the same names as folders preventing MSSE from installing properly.  "En-us", "Drivers" and "Backup" are the names of these folders in the Security Client directory.  The target of these symbolic links is the C:\Windows\System32\Config folder.  As a result, we're unable to remove these links, even in the Parted Magic Environment.

 

Is there a way to remove these entries w/o doing any damage to the targets?  Is there a "Root" command that can be used to removed JUST the symbolic link itself?  And if so, how do I navigate via the command window to that location "C:\Program Files\Microsoft Security Client"?

 

Further, are there any tools you'd recommend for removing invalid directory entries aside from booting into a linux shell and deleting it that way?

 

Thank you

 

Wanting Answers in Washington


Edited by gabthetech, 12 September 2013 - 01:12 PM.


BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 37,731 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:35 PM

Posted 17 September 2013 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This forum deals with Malware issues.

I hope that the following link will help you remove the links.

http://answers.microsoft.com/en-us/windows/forum/windows_vista-files/how-to-remove-a-symbolic-link/e171f76a-a62b-4604-8777-3439492bf1f7

If the issue persists I suggest you start a new topic in the appropriate forum for you operating system.

Windows XP forum
http://www.bleepingcomputer.com/forums/forum56.html

Windows Vista forum
http://www.bleepingcomputer.com/forums/forum72.html

Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html

Windows 8 Forum
http://www.bleepingcomputer.com/forums/f/209/windows-8/

Good luck.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 37,731 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:35 PM

Posted 23 September 2013 - 07:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users