Undeletable Files?

[isochar 0]

I have two pesky files that refuse to be deleted/moved in normal or safe mode. Everytime I try, Windows says that they are being used by a program. Any ideas on how to get rid of them?

[dlever 0]

I've had this as well, but a reboot always fixes it.

[isochar 0]

Nope, I've tried everything I can think of. The only way I can uninstall the files is by uninstalling the divx codec...

 

Problem is that the next time I play a divx video, I have to repeat the process.

[isochar 0]

Hey, I sent you an email but got no response... could you send me both of those proggies? TIA.

[isochar 0]

Got them this time, thanks!

[isochar 0]

I found another solution - instead of using windows explorer, I successfully deleted the file using Powerdesk. (I'm assuming that any windows explorer replacement would be able to)

 

Hope this helps anyone else who encounters this problem!

[BenChase 0]

I'm sure that most of you are aware that to securely get rid of a file, it needs to be overwritten with zeros at least 7 times repetitively. That is the method used by DOD to erase classified information. A delete operation only marks the file as free space and able to be used for other storage by the operating system. Deleted and overwritten data can be recovered by using expensive methods, such as modifying skew angles..etc.. Very expensive, but unless you overwrite a file several times with zeros, its recoverable...although most wouldn't go through the trouble of spending thousands doing data recovery on your HD. Any utility which can write either zeros or scrambled data 7+ times to a deleted file is all you need to pretty much guarantee that your file can't be recovered.

 

-Ben

[BenChase 0]

Alecstarr:

 

You make a very good point about overwriting the filename to erase ALL traces of the files existance. However, a filename by itself could never be used as evidence, unless there was some incriminating data along with it. You are correct in your assessment of the filename situation.

 

As for the program you speak of, the reason that I know for a fact that data can still be recovered is because to actually make the data literally "go away" for good, you have to degauss it. Here is the explaination:

When a hard drive (or any other drive for that matter) writes information to the disk, it does so at a certain skew angle that is preset by the manufacturer (normally to maximize storage space). This skew angle is not normally able to be changed without specialized tools, such as opening the drive up and physically changing the skew, or by the use of the firmware built into the drive. Software can not physically change the skew angle at which the drive is writing data.

 

"It is possible to open the drive in RAW mode, access either the FAT or MFT$ file (yes, this is possible) and reconstruct the directory/file tree yourself. Finding any files 'marked deleted' and list them as candidates for recovery. By renaming their first character, you can recover the file & it is recommended to do so to another disk as well. Provided the interior data is not scrambled up, you can get it back whole many times.

Again, It has proven successful against many programs that do file recovery, and I'd wager it'd do well against even hardware based data recovery methods."

 

- Yes, you are correct about this. This is an advanced method employed by many popular data recovery labs. In most cases, data can be recovered this way. What I am speaking about is hardware modification involving changing the skew angle of the read/write head. By changing the skew angle, data recovery experts, spe[censored]ts, (FBI, NSA), can recover data that has "spilled over" from the original skew angle, into another close angle. This is known as data shadowing. In this case, any kind of overwriting will make no difference. However, very few people have to worry about this technique as it costs more than any law enforcment agency would spend to prosecute you. Unless of course you're involved in some very serious activity.

 

- My advice:

 

If you have sensitive files, encrypt them..preferably with a scheme that is computationally hard (meaning that it would take longer than the age of the universe to decrypt using brute-force on the most powerful known computer). Do NOT use DES..the ability to EASILY crack that (less than a 24 hours on dedicated hardware) has existed for some time. I would suggest using IDEA, it's a rock-solid encryption scheme. Do not allow sensitive unencrypted data to be copied even once to your hard drive. Encrypt it, then copy it if possible.

 

If you're interested in the study and history of encryption, you should check out the book: "Applied Cryptography". It's steep reading for most. Hope you like math!

 

 

- Ben

[BenChase 0]

I'd be happy to review your document for you. I recently finished drafting and finalizing what is known in the DOD as a Systems Security Authorization Agreement (SSAA). It ended up being close to 160 pages. Keep in mind, it took me 6 months to write it..lol. Not something one does overnight. I have a variety of duties, that's just one of them.

 

As for degaussing, yes...using a high powered magnet, you are guaranteed to permanently get rid of anything that was there...forever, guaranteed. However, one drawback to this, is that it will most likely make the disk unusable. I thought I'd be smart one time with this old 80mb hard drive, so I degaussed it.. well...it appeared that I had also wiped the firmware chip on the drive as well. I tossed it.

 

As for running the hardware recovery test after using your software, I could probably estimate that between 70-85% of the data may be recovered if you employ the methods that you spoke of earlier. Even the expensive hardware recovery method doesn't get 100%. To get access for you to perform this test would be difficult considering the costs involved. The only ones I have access to are DISA and NSA..and they only do it for classified information.

 

I don't have very much of a programming background..I only have very basic knowledge of C++ and VBasic (I only have gotten to the class structure stuff), I haven't messed with the WIN32 API or anything of that nature..Probably won't unless I'm forced to.

 

 

- Ben

[tku01 0]

I was so close to reinstall Windows Me, this thing was driving me crazy. I had 10 avi 5 gb that could't be deleted by the same reason. I tried Powerdesk and it worked.

 

But I do think it should work in explorer. If anybody comes with an solution it would be great. And yes, I tried DOS/Command mode and it didn't work either.

 

Gurkan (The Cucumber)

[Xiven 0]

I had the same problem with a large .avi file that refused to be deleted. I found that killing all instances of explorer.exe in task manager and then deleting the files from the command prompt works. Very strange that you'd have to do this though. Something's not right.

[Palos 0]

Wasn't overwriting data with 0s called low level formatting?

And one more thing: for all of you paranoids out there, use Linux...it already has an encrypted filesystem available.

[Xiven 0]

AlecStaar - you may well be right, but it shouldn't be the case cos I was deleting the files with shift-delete (which should never touch the recycle bin). Also deleting with the command prompt should also not send the file to the recycle bin.

 

Plus, the error given when trying to delete it is "File is in use". Since killing explorer makes it "not in use", explorer must be using the file. It's too weird.

 

Anyway, Win2k can delete files that big no problem.

[Xiven 0]

Well the point I'm making is that using cmd.exe I still cannot delete the file unless I also end every instance of explorer.exe as well. This means that explorer is definitely hanging on to the file. For whatever reason I don't know - it may be related to the recycle bin, it might not.

 

Anyway, I've gone back to Win2k as my primary OS (for various reasons) so I've given up on the problem.

[DarkLord81 0]

Quote:

I had the same problem with a large .avi file that refused to be deleted. I found that killing all instances of explorer.exe in task manager and then deleting the files from the command prompt works. Very strange that you'd have to do this though. Something's not right.

Exactly something IS not right, but (referring to THIS problem, which also strikes me) it is a FEATURE of WindowsXP which leads to all this fuss....
Explanation:
WinXP analyses a folder's content on opening through explorer.exe .... this is where you get those 'common tasks' (the former web-view) from (i'm sorry, if those names are wrong, but im currently on a german XP built, so i don't know their english names for sure).. windows detects if there are mainly pictures, videos, musicfiles, or whatever in the current folder... so this problem occurs with DivX-files often; you can't delete them becauses explorer.exe tries to detect, what they actually are... now, this DivX file may be say damaged or simply yet incomplete ... so win can't finalize its analyse (bad handling of incomplete divx content) ... and 'hangs' with 100percent CPU usage... and the inability to delete the file.

Conclusion:
DISABLE this 'feature' (detecting which kind of files a folder holds).. so you gain the additional benefit of not getting those new autoplay functions for cds without autoplay.

Problem:
i have absolutely no clue how to disable this feature or if it is possible at all... if ANYBODY knows how you could do that... PLEASE post!