Aug 11th, 2005
0

Hidden files.. Server not even kissed

I was recently asked to help out with a local server.. when I got here, I found w2k service pack 4, norton anti-virus up to date, but that was pretty much it.. after running the typical gambit of tools, hijackthis, rootkitdefender, ewido, pest patrol, etc, I found a variety of baddies... backdoor.servU-based, heuristic.win32.morphine-crypted, etc.

now I've killed what I think are the bulk of the baddies, moved this box behind a firewall (and I don't see any more broadcasts) but I want to track down some of the info on how and/or what this creative little (*#&#$&$#) person had done... in addition to serving as a movie/music server.

when I read the report from rootkitdef I see that there are folders under the winnt\system32\inetsrv folder \mandrake\site etc etc

now I can't see any of these files from explorer or IS I can open a dos prompt and get to them or at least some of them.. there are some that even from dos I get a reply "can't access this directory" not a message saying you mistyped it.. or it doesn't exist... but that even as local admin I apparently don't have authority to it..

I do have all the common settings set for show hidden files.. etc...

any suggestions would be very appreciated...

thanks

Dave
Reputation Points: 10
Solved Threads: 0
Newbie Poster
EscCon is offline Offline
2 posts
since Aug 2005
Aug 11th, 2005
0

Re: Hidden files.. Server not even kissed

eh? you can't see these folders from explorer?
did you check your settings? tools > folder options > view.
make sure you have show hidden files and folders selected AND
have unchecked "hide protected operating system files". that should let you see it in explorer. now right click the file and click the security tab. and make sure your group or admin account has permission to read / write / list / execute stuff on that directory. if not. you need to find an account that does.

remember... you can't delete a file that is locked open by an active process. that process must be killed first.

what error do you get exactly? "access denied!"?
Reputation Points: 15
Solved Threads: 10
Unverified User
BinaryMayhem is offline Offline
173 posts
since Jun 2004
Aug 12th, 2005
0

Re: Hidden files.. Server not even kissed

Quote originally posted by BinaryMayhem ...
eh? you can't see these folders from explorer?
did you check your settings? tools > folder options > view.
make sure you have show hidden files and folders selected AND
have unchecked "hide protected operating system files". that should let you see it in explorer.

I agree it should let me see them... and yes I have done these steps. They act like a pst or internet cache files.. hidden from sight but if you know they exist.. you can find them.

Quote originally posted by BinaryMayhem ...
now right click the file and click the security tab. and make sure your group or admin account has permission to read / write / list / execute stuff on that directory. if not. you need to find an account that does.

I can't get to them via windows, so I can't change the permissions thus my problem.

Quote originally posted by BinaryMayhem ...
remember... you can't delete a file that is locked open by an active process. that process must be killed first.

what error do you get exactly? "access denied!"?

and yes the error reads.. access denied... I think somehow someone loaded a linux kernel under a shell.. and that's why I can't get to the stuff....

still open to suggestions..


Dave
Reputation Points: 10
Solved Threads: 0
Newbie Poster
EscCon is offline Offline
2 posts
since Aug 2005

© 2011 DaniWeb® LLC