Re: Security Permissions Hacked

From: Steve <>
Date: 30 May 2002 18:31:12 GMT

"ben.frost" <> wrote in

> Hello,
> I hooked up a Windows 2000 box to my network (actually, it's on a T1 by
> itself) and left it over the weekend. This machine has no special
> purpose and I'm going to blow it up and reinstall as a web server here
> real soon. In other words, there's nothing real special on this machine
> and it's not attached to anything else.
> What worries me is that someone uploaded a bunch of DivX files to share
> with buddies, using this server (for a day or two) as an FTP server.
> I have since disconnected the server from the T1, but I cannot delete
> the 1.6 Gigs of files this hacker uploaded. In fact, the Security
> properties of the folder are missing! The only tabs available are
> General and Sharing, and the folder shows NO information such as Size,
> Modified, Created, etc. I'm trying to research this and learn from it
> to protect myself in the future...anyone have any suggestions regarding
> resetting the permissions properties for such a hacked folder? Or even
> deleting it? I want to find out as much as possible before I blow up
> the server.
> Thanks,
> ben.

Hi Ben,

Chances are pretty good that the bad guys used a utility to create
folders that are using "Reserved names" like lpt1 or prn. These
cannot be deleted using Explorer or other commonly used Windows tools.

Take a look on the Microsoft Knowledge Base at this article (Q120716) and
it will show you how to get rid of it.
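
Added example, not part of the original post or of the knowledge base article: a small checker that flags path components matching the reserved DOS device names mentioned above (lpt1, prn and the rest of that family) and prints the \\?\ extended form of each flagged path. It assumes the documented Win32 behaviour that the \\?\ prefix skips device-name parsing; the sample paths and function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# DOS device names the Win32 path parser treats as devices, not files.
_RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.IGNORECASE)


def is_reserved_component(name: str) -> bool:
    """True if a single path component resolves to a DOS device name."""
    # Win32 drops trailing dots/spaces and ignores any extension, so
    # "LPT1", "lpt1 " and "prn.txt" all map to a device.
    base = name.rstrip(". ").split(".", 1)[0]
    return bool(_RESERVED.match(base))


def reserved_components(path: str) -> list[str]:
    """List the components of a Windows path that are reserved names."""
    p = PureWindowsPath(path)
    parts = p.parts[1:] if p.anchor else p.parts  # skip "C:\"
    return [c for c in parts if is_reserved_component(c)]


def extended_path(path: str) -> str:
    r"""Return the \\?\ form of an absolute drive-letter path."""
    p = PureWindowsPath(path)
    if not (len(p.drive) == 2 and p.drive[1] == ":" and p.root):
        raise ValueError("need an absolute drive-letter path: %r" % path)
    return "\\\\?\\" + str(p)


def scan(paths):
    """Map each flagged path to (reserved components, \\\\?\\ form)."""
    return {p: (reserved_components(p), extended_path(p))
            for p in paths if reserved_components(p)}


# Constructed sample listing, e.g. saved output of "dir /s /b" on the box.
SAMPLE_PATHS = [
    r"C:\ftproot\incoming\lpt1\movies",
    r"C:\ftproot\incoming\readme.txt",
    r"C:\ftproot\pub\PRN.bak\a.avi",
    r"C:\ftproot\pub\com10",
]

if __name__ == "__main__":
    for path, (hits, ext) in scan(SAMPLE_PATHS).items():
        print(f"{path}: reserved {hits} -> use {ext}")
```
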