Re: Security Permissions Hacked

From: Steve (me@here.ca)
Date: 05/30/02


From: Steve <me@here.ca>
Date: 30 May 2002 18:31:12 GMT


"ben.frost" <ben.frost@attbi.com> wrote in
news:Cz8J8.57681$352.3768@sccrnsc02:

> Hello,
> I hooked up a Windows 2000 box to my network (actually, it's on a T1 by
> itself) and left it over the weekend. This machine has no special
> purpose and I'm going to blow it up and reinstall as a web server here
> real soon. In other words, there's nothing real special on this machine
> and it's not attached to anything else.
> What worries me is that someone uploaded a bunch of DivX files to share
> with buddies, using this server (for a day or two) as an FTP server.
> I have since disconnected the server from the T1, but I cannot delete
> the 1.6 Gigs of files this hacker uploaded. In fact, the Security
> properties of the folder are missing! The only tabs available are
> General and Sharing, and the folder shows NO information such as Size,
> Modified, Created, etc. I'm trying to research this and learn from it
> to protect myself in the future...anyone have any suggestions regarding
> resetting the permissions properties for such a hacked folder? Or even
> deleting it? I want to find out as much as possible before I blow up
> the server.
>
> Thanks,
> ben.
>
>

Hi Ben,

Chances are pretty good that the bad guys used a utility to create
folders that are using "Reserved names" like lpt1 or prn. These
cannot be deleted using Explorer or other commonly used Windows tools.

Take a look on the Microsoft Knowledge Base at this article and it will
show you how to get rid of it.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q120716

Cheers,

Steve
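
An added example, not part of the original post: a Python check that scans a saved directory listing for path components that ordinary Win32 tools cannot address, which is how folders like the one described above can be located during cleanup. The reserved names beyond lpt1 and prn, the trailing dot/space rule and the `\\?\` prefix come from the Win32 file-naming rules rather than from this thread; the function names and the sample paths are constructed for illustration.

```python
# Reserved DOS device names. The post names lpt1 and prn; the rest of the
# list is added here from the Win32 file-naming rules (an assumption, not
# something stated in the thread).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

def problem(component):
    """Return why normal Win32 tools cannot handle this name, or None."""
    if component in (".", ".."):
        return None
    # Win32 strips trailing dots and spaces, so such names cannot be
    # opened or deleted through Explorer-style path handling.
    if component != component.rstrip(" ."):
        return "trailing dot or space"
    # Classic Win32 parsing matches the device on the part before the
    # first dot, ignoring case: "prn.x" still resolves to PRN.
    base = component.split(".", 1)[0].upper()
    if base in RESERVED:
        return "reserved device name " + base
    return None

def scan(paths):
    """Return (path, reason, extended_path) for each flagged absolute path."""
    hits = []
    for path in paths:
        for part in path.split("\\")[1:]:      # skip the drive, e.g. "C:"
            reason = problem(part)
            if reason:
                # The \\?\ prefix turns off Win32 name parsing, so the
                # object can be addressed literally by cleanup tools.
                hits.append((path, reason, "\\\\?\\" + path))
                break
    return hits

# Constructed sample listing (e.g. saved output of "dir /s /b /a").
SAMPLE = [
    r"C:\Inetpub\ftproot\incoming\readme.txt",
    r"C:\Inetpub\ftproot\incoming\lpt1\a.avi",
    r"C:\Inetpub\ftproot\incoming\prn.x\b.avi",
    r"C:\Inetpub\ftproot\incoming\tmp. \c.avi",
    r"C:\Inetpub\ftproot\incoming\printer\d.txt",
    r"C:\Inetpub\ftproot\incoming\com10\e.txt",
]

if __name__ == "__main__":
    for path, reason, extended in scan(SAMPLE):
        print(f"{reason:28} {extended}")
```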