1

In regards to this: Windows\Temp large amounts of cab_XXXX files

I can't delete the files. I'm trying to do a shift delete but there are files randomly scattered in there that are locked out by permissions.

I tried running PowerShell as administrator and it still gave me permission issues.

Is there a quick way to mass delete all the cab_ files in there?

Jason

4 Answers

2

I love when folks reference my answers. :)

Try stopping the trusted installer service first.

Tim Brigham
  • Checked that. It was stopped. I can delete most of the files but when you have over 100,000 of them, and if you select a locked one, it's a pain to delete them. – Jason Sep 27 '16 at 15:08
  • 1
    @Frank Thornton you can try using psexec as the system account to launch PowerShell if it's really a permissions issue. – Tim Brigham Sep 27 '16 at 15:11
1

It is probably because the files are open in a running program. You can try using the Disk Cleanup utility in Windows to clean out the Temp folder. If it doesn't work while online, try booting into Safe Mode and delete them from there.

Joe
  • No luck on the disk cleanup. Safe mode also hung on bootup. Will try again to see if that works. – Jason Sep 27 '16 at 14:49
  • If safe mode is hanging that may indicate a different problem that you have. You might have some other kind of corruption interfering with normal processes. – Joe Sep 27 '16 at 14:58
  • Just the PNP file that normally takes a while on safe bootup, but it seemed hung maybe after 2 minutes? Regular boot is fine. – Jason Sep 27 '16 at 15:07
1

I've found that it helps to stop the three services in the code below. I wrote the help text in another language originally, and it's a pain to translate, but I'm adding the pertinent PowerShell code I made for my less technical / not command-line savvy coworkers to paste from notepad/whatever into powershell.exe, and run step by step, to semi-automate cleaning up computers with runaway cab file production. I'm translating the most pertinent parts that I spot now.

This can happen (among other things?) when a CBSPersist log becomes around 1 or 2 GB large (I forgot which, think the latter), and makecab.exe tries to compress it, fails, and doesn't clean up after itself, and repeats this action indefinitely.

We discovered this by monitoring a server with sysinternals process monitor. This seems to be triggered by Windows Updates, if I remember correctly.

Here's the code, hope it helps someone.

# Ensure we have a C:\temp. No output (necessary, but if you know what you're doing, you can tweak ... )
$TempDir = 'C:\temp'
if (-not (Test-Path -Path $TempDir -PathType Container)) { New-Item -ItemType Directory -Path $TempDir | Out-Null }
Set-Location -Path $TempDir

# Stop services. Paste these three lines into powershell.exe and wait until it is finished.
# it could take a couple of minutes 
Stop-Service -Name TrustedInstaller
Stop-Service -Name wuauserv
Stop-Service -Name BITS


# Wait for makecab.exe to stop working, it seems to die by itself after 
# about a minute or three for me once you stop the services
# if you want something to look at while waiting for makecab.exe to die.
# you can also just look in task manager ...
$ProcessToCheck = 'makecab'
if (@(Get-Process -Name $ProcessToCheck -ErrorAction SilentlyContinue).Count -gt 0) {
    while (@(Get-Process -Name $ProcessToCheck -ErrorAction SilentlyContinue).Count -gt 0) {
        Write-Host -ForegroundColor Yellow "Waiting for ${ProcessToCheck}.exe to die ..."
        Start-Sleep 10
    }
}
else {
    Write-Host -ForegroundColor Green "${ProcessToCheck}.exe is not running at all (anymore)."
}
Write-Host -ForegroundColor Green "${ProcessToCheck}.exe died, so you can continue."

# Next we will delete the cab_*_* files from C:\Windows\Temp, and we are paranoid, so we want
# to look over the files first to verify. Can be skipped if you are experienced and sure, I suppose.
# Paste all of the lines below into the powershell.exe window and press enter (blank line) at the end.
# Or select them in PowerShell ISE and press F8.
$TempCabFilesFile = "$TempDir\SIKT_Cab_Clean_temp.txt"
$TempCBSFilesFile = "$TempDir\SIKT_CBS_Clean_temp.txt"
Get-ChildItem -Path "${env:windir}\Temp\cab_*_*" |
    Select-Object LastWriteTime, @{n='Size (MB)'; e={[math]::Round(($_.Length / 1MB), 2)}}, FullName |
    Format-Table -AutoSize |
    Out-String -Width 1000 | 
    Set-Content -Encoding utf8 -Path $TempCabFilesFile
Get-ChildItem -Path "${env:windir}\Logs\CBS\cbspersi*.*" |
    Select-Object LastWriteTime, @{n='Size (MB)'; e={[math]::Round(($_.Length / 1MB), 2)}}, FullName |
    Format-Table -AutoSize |
    Out-String -Width 1000 |
    Set-Content -Encoding utf8 -Path $TempCBSFilesFile
notepad $TempCabFilesFile
notepad $TempCBSFilesFile

# Inspect the files that pop up (note that one of the notepad windows may end up behind other things)
# and check that nothing that should not be deleted is included.
# If all appears well, we run the code from before, but also delete.
# What should be deleted are files named cab_1234_56 (arbitrary numbers) and
# CBSPersist_blabla.cab and -.log (the .log can be large).

# If you are super paranoid, you can run these and look them over (remove the "#" first).
#Get-ChildItem -Path "${env:windir}\Temp\cab_*_*" | Remove-Item -WhatIf
#Get-ChildItem -Path "${env:windir}\Logs\CBS\cbspersi*.*" | Remove-Item -WhatIf

# This actually deletes the files! No output.
Get-ChildItem -Path "${env:windir}\Temp\cab_*_*" | Remove-Item
Get-ChildItem -Path "${env:windir}\Logs\CBS\cbspersi*.*" | Remove-Item

# Start the services again, and run a wuauclt /detectnow
# the latter sometimes fails, but it's not dangerous
Start-Service -Name TrustedInstaller
Start-Service -Name BITS
Start-Service -Name wuauserv
Start-Sleep 3
Start-Process -Wait -PassThru -FilePath wuauclt -ArgumentList '/detectnow'


#### Usually not necessary ####
# Try this if stuff appears broken. Can take a good while.
Start-Process -Wait -PassThru -FilePath sfc -ArgumentList '/scannow'
Joakim
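A read-only check for the runaway condition described in the answer above, plus a delete that keeps going past locked files and reports them, as an added example (not the answerer's code). The function names and the 1 GB default threshold are assumptions; run it elevated, after stopping the three services.

```powershell
# Added example, not from the original answer. Function names are hypothetical.
function Get-CabRunawayStatus {
    param(
        [string]$TempPath = (Join-Path $env:windir 'Temp'),
        [string]$CbsPath  = (Join-Path $env:windir 'Logs\CBS'),
        [long]$LogSizeThreshold = 1GB   # assumption: low end of the "1 or 2 GB" mentioned above
    )
    $cabs = @(Get-ChildItem -Path (Join-Path $TempPath 'cab_*_*') -File -ErrorAction SilentlyContinue)
    $logs = @(Get-ChildItem -Path (Join-Path $CbsPath 'cbspersi*.*') -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -ge $LogSizeThreshold })
    [pscustomobject]@{
        CabFileCount   = $cabs.Count
        CabTotalMB     = [math]::Round((($cabs | Measure-Object -Property Length -Sum).Sum / 1MB), 2)
        OversizedLogs  = @($logs | ForEach-Object { $_.FullName })
        MakecabRunning = [bool](Get-Process -Name makecab -ErrorAction SilentlyContinue)
    }
}

function Remove-CabTempFiles {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$TempPath = (Join-Path $env:windir 'Temp'))
    $failed = New-Object System.Collections.Generic.List[string]
    $files  = Get-ChildItem -Path (Join-Path $TempPath 'cab_*_*') -File -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Remove file')) {
            try {
                Remove-Item -LiteralPath $file.FullName -ErrorAction Stop
            }
            catch {
                # Locked or access denied: record it and continue with the next file.
                $failed.Add($file.FullName)
            }
        }
    }
    $failed   # paths that could not be removed (empty when everything was deleted)
}

# Report the current state, then preview the deletion without touching anything.
Get-CabRunawayStatus | Format-List
Remove-CabTempFiles -WhatIf
# To delete for real and keep the list of files that stayed locked:
# $locked = Remove-CabTempFiles
```

A non-empty `OversizedLogs` together with a growing `CabFileCount` matches the failing makecab.exe loop the answer describes.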
-1

Solved this issue by downloading a software called "Unlocker" that allowed you to unlink files from memory and delete them.

Jason
  • 3
    Danger Will Robinson, thar be dragons. This way leads to malware. Google search for "unlocker" leads to 10 known software bundling sites and one that looks like it may be the publisher, or another bundler. This is a stack for sysadmins running production networks, and downloading and using software from unknown publishers is VERY risky, and bad practice. – Jeter-work Sep 28 '16 at 18:03