Re: Hacked - Folders and Files Disappear

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Dave Patrick (mail_at_Nospam.DSPatrick.com)
Date: 12/04/04 

Date: Fri, 3 Dec 2004 21:54:33 -0700

It's not worth spending any time with. Rebuild the server. 

-- 
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
"brenndan" wrote:
| Hello,
|
| I have a Windows 2000 Server SP4/SQL Server 2000 SP3 box that has recently
| been hacked.  I am not completely sure how they got in, but there was a 
nice
| neat collection of items - ftp utility, dns utility, sam dump, porn, mp3s,
| etc...
|
| I have been slowly cleaning everything off this box, but there are some
| things I don't know how to handle.  Certain files, like netstat.exe, 
kill.exe
| are no longer available but if I try to recreate/copy them I get a name
| collision.  If I put them in a new location (anywhere on the server) they
| disappear immediately.
|
| Further, I put kill.exe into the root of one drive and now the contents of
| the root of that drive are invisible.  I can not see anything in that 
drive
| from windows or dos.
| The result of dir on that drive is "File Not Found".  However, I remember
| one of the folders on that drive and I can CD into it with no problem and
| browse around all I like.  I just can't see or manipulate anything in the
| root.
|
| Before you ask, I am showing hidden files and protected OS files.
|
| Is there some utility for Windows, or - god forbid - *nix that I can use 
to
| show ALL files in a directory regardless of any OS level rule?  What can I 
do
| to resolve this short of migrating to a new server?
|
| I have seen some utilities that claim to hide files on a much deeper level
| than the normal NTFS hide.  Surely they must key into some part of 
Windows.
| Is there a programmatic solution to this?
|
| Now I can't even run FileMon anymore...  grr....
|
| Thanks for your help!
|
| Sincerely,
| Dan B

Relevant Pages

  • Hacked - Folders and Files Disappear
    ... If I put them in a new location (anywhere on the server) they ... the root of that drive are invisible. ... show ALL files in a directory regardless of any OS level rule? ... Surely they must key into some part of Windows. ...
    (microsoft.public.win2000.general)
  • Re: How-to: Single user and disable X windows
    ... > I had configured a redhat 9 linux as a server with x windows previously. ... > How to go into single user mode to over write the root passwd. ... Next highlight the Linux boot option and press the 'e' key. ...
    (alt.os.linux.redhat)
  • RE: Problems in setting display variable for X Windows server
    ... I have logged in as root directly into the window using a ssh connection ... though nobody is using the connection...the server still has some files left ... Problems in setting display variable for X Windows server ... Obviously you were root. ...
    (RedHat)
  • Re: Problems in setting display variable for X Windows server
    ... Obviously you were root. ... Problems in setting display variable for X Windows server ... Problems in setting display variable for X Windows server ...
    (RedHat)
  • Re: Of mice and men
    ... However, being able to change the permission of a file does depend on who owns the file, and what permissions they have given to others over that file. ... You may have installed something as "root" that enables the program to "execute" as root. ... A server is part of the OS, not an standard application run by a user. ... admin account....but this could also be done in Windows etc etc....people just view windows as a "home" OS and most "home" users just don't want to deal with the fact that there are more than one way to protect yourself. ...
    (comp.lang.cobol)