Hidden files.. Server not even kissed
Join Date: Aug 2005
Posts: 2
Reputation:
Solved Threads: 0
I was recently asked to help out with a local server.. when I got here, I found w2k service pack 4, norton anti-virus up to date, but that was pretty much it.. after running the typical gambit of tools, hijackthis, rootkitdefender, ewido, pest patrol, etc, I found a variety of baddies... backdoor.servU-based, heuristic.win32.morphine-crypted, etc.
now I've killed what I think are the bulk of the baddies, moved this box behind a firewall (and I don't see any more broadcasts) but I want to track down some of the info on how and/or what this creative little (*#&#$&$#) person had done... in addition to serving as a movie/music server.
when I read the report from rootkitdef I see that there are folders under the winnt\system32\inetsrv folder \mandrake\site etc etc
now I can't see any of these files from explorer or IS. I can open a dos prompt and get to them or at least some of them.. there are some that even from dos I get a reply "can't access this directory" not a message saying you mistyped it.. or it doesn't exist... but that even as local admin I apparently don't have authority to it..
I do have all the common settings set for show hidden files.. etc...
any suggestions would be very appreciated...
thanks
Dave
Join Date: Jun 2004
Posts: 173
Reputation:
Solved Threads: 9
eh? you can't see these folders from explorer?
did you check your settings? tools > folder options > view.
make sure you have show hidden files and folders selected AND
have unchecked "hide protected operating system files". that should let you see it in explorer. now right click the file and click the security tab. and make sure your group or admin account has permission to read / write / list / execute stuff on that directory. if not, you need to find an account that does.
remember... you can't delete a file that is locked open by an active process. that process must be killed first.
what error do you get exactly? "access denied!"?
Join Date: Aug 2005
Posts: 2
Reputation:
Solved Threads: 0
Originally Posted by BinaryMayhem
eh? you can't see these folders from explorer?
did you check your settings? tools > folder options > view.
make sure you have show hidden files and folders selected AND
have unchecked "hide protected operating system files". that should let you see it in explorer.

I agree it should let me see them... and yes I have done these steps. They act like a pst or internet cache files.. hidden from sight but if you know they exist.. you can find them.

Originally Posted by BinaryMayhem
now right click the file and click the security tab. and make sure your group or admin account has permission to read / write / list / execute stuff on that directory. if not, you need to find an account that does.

I can't get to them via windows, so I can't change the permissions thus my problem.

Originally Posted by BinaryMayhem
remember... you can't delete a file that is locked open by an active process. that process must be killed first.
what error do you get exactly? "access denied!"?

still open to suggestions..
Dave
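
Added example (not written by either poster): a small Python 3 triage helper that sorts folders named in a scanner report into the cases described in this thread, by comparing what opening a path by name returns against what the parent folder's listing shows. The function names and the sample tree are constructed for illustration; only `winnt\system32\inetsrv\mandrake\site` comes from the thread.

```python
import ntpath
import os

def classify(path, listdir=os.listdir):
    """Compare two views of one directory: opening it by name vs. its parent's listing."""
    parent, name = ntpath.split(path.rstrip("\\/"))
    try:
        listdir(path)                      # view 1: go straight to the path by name
        direct = "reachable"
    except FileNotFoundError:
        direct = "missing"
    except PermissionError:
        return "access-denied"             # exists, but ACL, ownership or a lock blocks us
    try:                                   # view 2: does the parent enumerate it?
        listed = name.lower() in {n.lower() for n in listdir(parent)}
    except OSError:
        listed = False
    if direct == "reachable":
        # Reachable by name yet absent from the parent listing is the
        # "hidden from sight, but you can find it if you know it exists" case.
        return "visible" if listed else "hidden-from-listing"
    return "inconsistent" if listed else "missing"

def demo():
    base = r"winnt\system32\inetsrv"       # folder from the thread; contents are constructed
    tree = {base: ["logs"], base + r"\logs": [], base + r"\mandrake": ["site"]}
    denied = {base + r"\mandrake\site"}

    def fake_listdir(p):                   # stand-in for os.listdir so this runs anywhere
        if p in denied:
            raise PermissionError(p)
        if p not in tree:
            raise FileNotFoundError(p)
        return tree[p]

    reported = [base + s for s in (r"\logs", r"\mandrake", r"\mandrake\site", r"\gone")]
    return {p: classify(p, fake_listdir) for p in reported}

if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:20} {path}")
```

On a real host, call `classify(path)` with the default `os.listdir`; a "hidden-from-listing" result means file attributes and Explorer settings are not the cause, while "access-denied" points at permissions or an open handle.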