Deleting Hacker Created Folders

[Travis]

I'm not sure if this is the correct forum for this but
here goes. I was experimenting with our FTP server as far
as logins and access by NTFS permissions. I came in one
morning and realized that the FTP folder 'ftproot' had
been compromised. They had created a number of folders
inside of each other that now I can't delete. I
immediately shut down access at the router but I still
can't get rid of the folders. In the FTP logs it shows the
names of the folders. They are 'null','com1', 'i 24428',
etc. They seem to have leading and/or trailing characters
of '+'. I've gone into DOS and tried to delete the ftproot
folder itself but it won't let me. Is there any way to
delete these folders?

 

[Marina Roos]

You're in serious problems. Even if you manage to get rid of those files and
folders, you still won't know what else those hackers might have left.
Consider a format and reinstall.

 

[Travis]

According to my logfiles created at the time they did this
there was no other activity besides those folders being
created and some test files transfered into and out of
them. It appeared they were trying to setup a transfer
site for trading of files. Luckily I caught it before too
much was done and blocked further access to it. I just
couldn't get rid of those folders, but I solved my own
problem with a Knowledge Base Article. Anyone who might
have the same dilema can try Article 120716 or it was also
published under Article Q120716. Thanks for replying
anyway.
Regards,
Travis

 

[Mauricio Paiva]

Yeah Travis. That is a good Article but be sure they cannot access your
server again. Run a test yourself or ask a close friend to do it.

Rgds, Mauricio