如何从Windows启动目录中删除文件? [英] how do I delete files from the Windows Startup directory?

问题描述

您好，我的一台计算机中装有FBI ransomeware病毒，因此我想借此机会进行实验，并尝试以自己的方式消除它.到目前为止，我已经进行了一些研究，指出该病毒会创建一个.exe文件，该文件会在启动时运行该病毒.所以我想用我的USB创建一个疫苗".我计划创建一个程序，该程序将自动从Windows启动目录中删除所有文件.这样一来，我可以重新启动计算机，并希望不会出现弹出窗口，以便随后我可以下载适当的防病毒软件并将其删除.

问题:所以我的问题是，如何从Windows启动中删除所有文件?我有这段代码，但似乎没有用.我知道有多种删除目录的方法，但是此方法可以适当地找到特定文件.

Hi, I have the FBI ransomeware virus in one of my computers so I want to take this opportunity to experiment and try to get rid of it in my own way. So far, I have done some research stating that the virus creates a .exe file that runs the virus in startup. So I want to create a "vaccine" with my USB. I plan on creating a program that will automatically delete all files from the windows startup directory. So that I can restart the computer and hopefully the popup doesn''t appear so I can then download a proper anti-virus and get rid of it all.

Question: So my question is, how can I delete all the files from the windows startup? I have this code but it doesn''t seem to work. I know that there are many ways of deleting a directory but this method finds the specific file appropriately.

string path = Environment.GetFolderPath(Environment.SpecialFolder.Startup);

            foreach(string files in Directory.GetFiles(path))
            {
                File.Delete(files);
            }

感谢所有帮助.

All help is appreciated.

推荐答案

请参阅ZoltánZörgő和我的问题注释.您没有提供有关发生的情况的相关信息.可能发生的最明显的事情之一是:此目录中的某些可执行文件已加载以供执行，并在您尝试执行代码时实际执行.此外，某些进程可能会打开某些数据文件以进行独占访问(默认情况下已完成)，而未关闭这些文件.在这两种情况下，都无法删除此类文件.您将需要杀死保留它们的进程.

您可以调查哪个进程保存哪个文件.为此，我建议使用 Sysinternals Suite 中的一个实用程序.这套实用程序(以前来自 Winternals 公司，目前在Microsoft)是必须具备的对于任何开发人员，请参见:
http://technet.microsoft.com/en-us/sysinternals/bb842062 [ ^ ]，
http://technet.microsoft.com/en-us/sysinternals/bb545027 [ ^ ].

您需要的实用程序是" handle.exe "，请参见:
http://technet.microsoft.com/en-us/sysinternals/bb896655 [ ^ ].

该实用程序将扫描所有类型的句柄，而不仅仅是文件句柄.对于文件，它将扫描与文件名匹配的所有文件句柄(因此它不必是完整的路径名)，并返回足以标识每个进程的信息，包括其 pid .因此，如果您需要有关该进程的更多信息，则还可以使用其他Sysinternals实用程序，尤其是其 Process Explorer :
http://technet.microsoft.com/en-us/sysinternals/bb896653 [ ^ ].

请注意，这些注意事项是非常基本的.它们一直无法帮助您抵抗真正的狡猾病毒，其中大多数都是更加隐秘且难以清除的方式.

祝你好运，

—SA

Please see the comments to the question by Zoltán Zörgő and mine. You did not provide relevant information on what happens. One of the most apparent thing which might happen is this: some executable files in this directory are loaded for execution and are actually executed when you try to execute your code. Also, some data files could be opened by some processes for exclusive access (which is done by default) and not closed. In both cases, it is not possible to delete such files; you would need to kill the processes which hold them.

You can you investigate which process holds which file. For this, I recommend using one utility from the Sysinternals Suite. This set of utilities (formerly from Winternals company, presently at Microsoft) is a must-have for any developer, please see:
http://technet.microsoft.com/en-us/sysinternals/bb842062[^],
http://technet.microsoft.com/en-us/sysinternals/bb545027[^].

The utility you need is "handle.exe", please see:
http://technet.microsoft.com/en-us/sysinternals/bb896655[^].

This utility will scan all kinds of handles, not just file handles. For file, it will scan all file handles matching the file name (so it does not have to be a full path name) and return information sufficient to identify each process, including its pid. So, if you need more information on a process in question, you can also use other Sysinternals utilities, in particular, its Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653[^].

Note that these considerations are very basic. They along cannot help you to fight really sly viruses, most of which are way more cryptic and hard to remove.

Good luck,

—SA

这篇关于如何从Windows启动目录中删除文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！