Re: A Mailicious looking hack

From: David Postill (david_at_postill.org.uk)
Date: 10/29/03 

Date: Wed, 29 Oct 2003 17:56:18 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <Xns9423ACCE8375stevejufrmsa1uniforu@196.25.240.158>, on 29 Oct 2003 15:01:37 GMT, Steve Jankelowitz
<stevej@ufrmsa1.uniforum.org.za> wrote:

| Hi
|
| I wonder if anyone can shed some light on the following:
|
| A server kept crashing, the hardware is pretty old so it was obvoiusly the
| 1st thing that was looked at. The box is running Windows NT 4. It turned
| out that the hardware is fine. but we found directories containing
| encrypted files as well as suspicious files in the Windows directories.
| We can not delete these directories. It looks to me as if someone has
| hacked into the box and is using it as a gateway, probably for something
| illegal.
|
| Has anyone encountered this problem and if so, what can I do to fix it.

Your best option at this point is a clean install from known good media
(your original windows NT CD). While doing so make sure you are not connected
to the internet.

Before connecting to the internet install firewall and virus checkers also
from known good media (a good idea might be to get someone who has a secure
system to download them and burn them to CD for you, along with all updates,
particularly for the virus checker).

Then connect to the net and install all NT patches.

HTH

<davidp />

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com
Comment: Get key from pgpkeys.mit.edu:11370

iQA/AwUBP5/r33xp7q1nhFwUEQIDLACg4xsMOnH8DX4w7whsXkcPOh/YLdcAnRIM
u01mQOD3zN6n4d8pJTXwLoeA
=ultA
-----END PGP SIGNATURE-----

<davidp /> 

-- 
David Postill
Quantcast