Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Think client got hacked...

Status
Not open for further replies.
frosty7700

frosty7700

Programmer
Joined
Aug 10, 2001
Messages
95
Location
US
One of my client's have a really bizarre problem on their NT Server. It is running IIS. Within the directory, a folder was somehow created called " ;;; ... NuKeB TaG ... ;;; " or some similar hack-kiddie drivel, and beneath that another folder with a similarly cheesy name. THIS folder in turn contained more folders containing arachived (RAR, I believe) computer games...at least what appeared to be computer games based on searches on the directory names on Google. The running theory is that someone got onto this server and has tried to use it as a distribution point for ripped software, or merely did this as a prank. In any event, I set all of the stuff to Read-Only and cut off all access for Internet users. I also deleted the files and directories containing them. HOWEVER, the two parent folders described above won't die...whenever I try to do anything to them (delete, rename, move, etc.), I get a "cannot find specified file" error. I checked the permissions on them but can't figure out what the deal is. This is pretty messed up...though I am moderately impressed. I think I already plugged a rather glaring security hole that may have been used (or created...), but ideas for killing these folders would be nice.
 
Sort by date Sort by votes
There may be a process running that is holding those files open. Try a fresh boot, stop IIS and any other servers you've got running on the machine. If you still can't delete them, look at the process list (ctrl-shift-esc) and see if there's anything running that you don't recognize.

Chip H.
 
Upvote 0 Downvote
Try renaming the files if possible. Then reboot into dos mode and try deleting or use deltree on them.
 
Upvote 0 Downvote
Try deleting them from the dos prompt with this format.

del \\.\drive\folder\file

ex.
del \\.\c:\temp\as\setup.pdf



HTH
Rob
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Teo En Ming
  • Locked
  • Question Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
913
fightaccording
fightaccording
lecombs1950
  • Locked
  • Question Question
PKI and Client server application
Replies
0
Views
255
lecombs1950
lecombs1950
kjv1611
  • Locked
  • Question Question
New Client Picks Up Old Client IP Address, Both now Share?
Replies
4
Views
429
kjv1611
kjv1611
HKNinja
  • Locked
  • Question Question
Client PCs are not showing up on WSUS in Windows Server 2012
Replies
0
Views
274
HKNinja
HKNinja
motita2008
  • Locked
  • Question Question
Windows Server ESSENTIALS 2012 R2 does not open some websites in client
Replies
1
Views
276
njenkins93
njenkins93

Part and Inventory Search

Sponsor

Back
Top