Guest
Hello,
I have a Windows 2000 Server SP4/SQL Server 2000 SP3 box that has recently
been hacked. I am not completely sure how they got in, but there was a nice
neat collection of items - ftp utility, dns utility, sam dump, porn, mp3s,
etc...
I have been slowly cleaning everything off this box, but there are some
things I don't know how to handle. Certain files, like netstat.exe and kill.exe,
are no longer available, but if I try to recreate/copy them I get a name
collision. If I put them in a new location (anywhere on the server) they
disappear immediately.
Further, I put kill.exe into the root of one drive and now the contents of
the root of that drive are invisible. I cannot see anything in that drive
from Windows or DOS.
The result of dir on that drive is "File Not Found". However, I remember
one of the folders on that drive and I can CD into it with no problem and
browse around all I like. I just can't see or manipulate anything in the
root.
Before you ask, I am showing hidden files and protected OS files.
Is there some utility for Windows, or - god forbid - *nix that I can use to
show ALL files in a directory regardless of any OS level rule? What can I do
to resolve this short of migrating to a new server?
I have seen some utilities that claim to hide files on a much deeper level
than the normal NTFS hide. Surely they must key into some part of Windows.
Is there a programmatic solution to this?
Now I can't even run FileMon anymore... grr....
Thanks for your help!
Sincerely,
Dan B