Persistent files possible security issue?


I installed Windows 8 RP the day it was released to the public, I of course had to make a complete re-install and not upgrade since I was previously on Windows 8 CP, I however forgot to format the drive so needless to say I got the “Windows.old” folder.

I started scanning through the Windows.old folder for any useful files like config files for programs I were going to re-install etc. Once I finished I decided to delete the whole folder. It deleted quite a few folders and files but then it stopped abruptly and claimed I did not have access to the files. I tried again as administrator but yet again I did not have access to the files. I then decided to get “Take Ownership” (For Windows Context menu) and tried taking ownership of the files. It claims to be successful and I believe it because it now states that I own the files, but I still can’t delete them.

I’m logged in as Sanya_000 and the error says “You require permission from SANYAIV\Sanya_000 to make changes to this file”

Now it’s not the end of the world, just 2.77 GB of garbage that won’t go away, but it’s on my SSD which is very limited in capacity which makes me want those 2.77 GB (2.83 GB on disc).
No the size isn’t the thing that made me worry the most, it’s the fact that none of the things I’ve tried has been able to remove the files. Now imagine they’d be malware files, unable to be deleted and only able to be executed by itself (or other un-suspicious file), they could in theory be invincible, well they’d still be stopped from running because of CIS but it would still be unable to remove the files?

Surely there must be some way to remove these files? (except for formatting the drive) At the moment I feel a strong disbelief in the security system if an Administrator doesn’t actually have the privileges to administer the system in question.

Ideas are more than welcome, please share any tips or tricks about the subject, also feel free to discuss your own experiences in similar situations and also feel free to discuss if this is a security issue that could in fact favor malwares if they ever found out how to replicate this.

Edit: Added picture showing the problem with one of the files. Yes it’s in the middle of the night.

Thank you,
Sanya IV Litvyak

Hi SanyaIV,
Disk cleanup should take care of it.
If not try deleting the individual folders from within the windowsold folder before deleting the windowsold folder itself.

Edit: Alternatively Malwarebytes file assassin may help.

Hello Captain,

I’m currently trying the Disk Cleanup as you suggested, I’ll update with results when it’s finished. I’ve also tried deleting the subfolders themselves and even the individual files, none of which worked. I’ve also tried in force mode (Del /F .)

Edit: If Disk Cleanup doesn’t work I’ll try Malwarebytes File Assassin as suggested. =)

Edit 2: Good news, the disk cleanup finished without error and also removed all the files but one which is open in another program. Thank you captainsticks for the fast and good help. =)

Thank you,
Sanya IV Litvyak

You are welcome, glad it worked. :slight_smile:

Edited quote as the quoted message was edited. – JoWa

I’m sorry about this but I have to…

Picks you up and cuddles you Thanks Captain! ^-^

No problems. :wink: