Hacked file server .

S

Stacy Halbert

Recently my non production win2k SP3 file server was
hacked....I believe via FTP. Somehow the file and folder
contents from these activities are either encrypted in
some way or written to the disk in a manner that explorer
can see these weird folder and file names, but cannot
delete these. Is there anyway I can delete these folders
and files? I get a cannot read from source disk when I
try to delete in explorer. Thanks.
 
C

CheckAbdoul

Open up a command prompt and type

C:\YourFTPDir> dir /X

Note down the 8.3 style short name displayed. Let us say 'abcde~1'. Now
type 'del abcde~1' at the command prompt to delete the file.

If you still cannot delete the file, use the Process explorer ( from
www.sysinternals.com ) to find out which process is currently accessing the
file and close the open handle and try the above steps again.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Removing Blank Directory 2
message - cannot delete file: cannot read the source file or disk 1
Server got hacked and now I have a folder I cannot delete 1
Removing Blank Directory 2
error message -- cannot delete file: cannot read the source file or disk. 0
Deleting Encrypted file 2
Deleting Temp Files 4
Can't delete file message 1

Top