
Been Hacked - ARRGHHH

Status
Not open for further replies.

idover

Programmer
Jan 31, 2001
9
US
okay, some harmless hackers compromised iis and used ftp to transfer a few files to yonder... they did no damage, but left behind a nice little surprise that i just came across... a folder with no name... i'm a programmer, not an admin, really... so how the heck did they do it, and how do i get rid of it?... whenever i try to delete it, rename it, anything.. i get an error: Cannot Read from the Source File or Disk... does the same with the contents... this is driving me nuts... i cut them off before they could move a few files off of this machine, and they're taking up a lot of space... any help would be greatly appreciated... thanks in advance!

ike!
 
hi idover

this has been dealt with in detail before
see this thread:

thread96-119612 it helps
Kapil Technical Director
Infovalley Interweb Pvt. Ltd.
Microsoft Certified System Engineer
visit
If u find the information provided here useful to u then let me know by clicking on the link below s-)
 
thanks!... fortunately, i was able to solve this problem yesterday... i actually had the idea to mount the drive in linux and remove them, but i really don't know how well linux can deal with ntfs partitions, so i didn't... i eventually ended up just using the command line... i can't remember exactly how i did it, but what do i care, as long as it worked, right?... lol... ahh, the philosophy of a programmer...

thanks again!
ike!
 
Anyone, I got hit the same way, a harmless (empty) folder was added to my FTP site. But this time they did not use ALT255 as the special character. I have all FTP logged, so I know the exact command, but I still cannot delete their creation. Here is the logged command they used:
MKD strk.tagged+/+/

Any ideas to kill this one? I deleted the parent directory, but it just clogged the recycle bin, as this folder cannot be deleted, renamed, or accessed in any way.
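
Added example, not part of the original thread: a small Python scan of FTP log lines for MKD commands whose directory names Explorer cannot normally address. It assumes the log writes a space inside a field as "+" (so the logged `strk.tagged+/+/` stands for a directory ending in a space with a space-only subdirectory) and that ALT+255 shows up as U+00A0 or U+00FF; the log layout and sample lines are constructed for illustration.

```python
import re

# Assumption: the FTP log writes a space inside a field as "+",
# so "strk.tagged+/+/" stands for the path "strk.tagged / /".
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)
}
# Assumption: ALT+255 appears in the log as U+00A0 or U+00FF.
ALT255 = "\u00a0\u00ff"
MKD = re.compile(r"\bMKD[ \t]+([^ \t\r\n]+)", re.IGNORECASE)


def component_problems(name):
    """Reasons why one path component is hard to address from Explorer."""
    if name in (".", ".."):
        return []
    reasons = []
    if name.strip(" \u00a0") == "":
        reasons.append("whitespace-only name")
    elif name[-1] in " .":
        reasons.append("trailing space or dot")
    if any(ch in ALT255 for ch in name):
        reasons.append("ALT+255 style character")
    if name.split(".")[0].strip().upper() in RESERVED:
        reasons.append("reserved device name")
    return reasons


def scan(lines):
    """Return (line number, component, reason) for every suspicious MKD."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = MKD.search(line)
        if not match:
            continue
        path = match.group(1).replace("+", " ")  # undo the log's space encoding
        for comp in filter(None, path.split("/")):
            findings.extend((lineno, comp, r) for r in component_problems(comp))
    return findings


# Constructed sample lines in a simplified space-separated layout.
SAMPLE_LOG = [
    "12:01:02 192.0.2.10 [7]USER anonymous 331",
    "12:01:07 192.0.2.10 [7]MKD strk.tagged+/+/ 257",
    "12:01:09 192.0.2.10 [7]MKD incoming/docs 257",
    "12:01:15 192.0.2.10 [7]MKD pub/\u00a0/com1 257",
]

if __name__ == "__main__":
    for lineno, comp, reason in scan(SAMPLE_LOG):
        print(f"line {lineno}: {comp!r}: {reason}")
```

Directories flagged this way can usually be reached from the command line through the `\\?\` path prefix, which bypasses the Win32 name normalisation that strips trailing spaces and dots.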

 
Try this.

Stop IIS from the Services in the control panel. This will also stop ftp, smtp and services. Then rename/delete the problem folder. If this does not work then stop as many services as possible, especially SQLManager. The task manager can be handy in killing some of these services and re-attempt deletion of problem folder.

Good luck

Ps. Also check programs that run at startup and ensure these are the only required ones!!!!

Alternatively, right click on Start button and check the Programs folder. Uninstall / delete (should still be in the trash can, just in case it's an inadvertent delete) any program you do not recognise!!!!!!!!!!
 