Hacked Win2k

From: LW Irving (lirving@coffs.com.au)
Date: 06/22/02

• Next message: Dan Guisinger: "Importing MD5 passwords?"
• Previous message: Eric Perlin [MS]: "Re: Certificate Authority and smart cards"
• Next in thread: Joshua Heslinga: "Re: Hacked Win2k"
• Reply: Joshua Heslinga: "Re: Hacked Win2k"
• Reply: Jeff Cochran: "Re: Hacked Win2k"
• Reply: David Robbins: "Re: Hacked Win2k"
• Reply: Kevin D. Quitt: "Re: Hacked Win2k"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "LW Irving" <lirving@coffs.com.au>
Date: Sat, 22 Jun 2002 14:49:01 +1000

I have a win 2k server SP2 all patches applied, it may have been compromised
with Nimda when it came out. The problem is on the RAID array which store
data and has the company website on it.

I wrote an ASP website, which works everywhere else, when tried to run it
said could not find file. tried a number of files and find that it can run
HTML but Not ASP.
Went to reinstall FP extentions got series of error messages saying that FP
could no filnd the folders.

Tried to FTP in. Loged in OK but file listing corrupt, ie. filenames in date
colum funny character for filename.

Upon further investigation have found a series of folder with either no name
or strange names ie "Kuibus Rulez" or "Tagged" or "respect this tag"

Also heaps of error in HP backup log where the system could not enumerate
this folder or file therefore not backed up.

Anyone seen any thing like this.

I am starting to think I may need to format the raid array. and manually
restore the directory structure ??

Any thoughts on this would be appreciated

Regards
Wayne
lirving@coffs.com.au

---

• Next message: Dan Guisinger: "Importing MD5 passwords?"
• Previous message: Eric Perlin [MS]: "Re: Certificate Authority and smart cards"
• Next in thread: Joshua Heslinga: "Re: Hacked Win2k"
• Reply: Joshua Heslinga: "Re: Hacked Win2k"
• Reply: Jeff Cochran: "Re: Hacked Win2k"
• Reply: David Robbins: "Re: Hacked Win2k"
• Reply: Kevin D. Quitt: "Re: Hacked Win2k"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Hacked Win2k ... that type of stuff sounds like hackers coming in on an unsecured ftp server. ... Loged in OK but file listing corrupt, ie. filenames in ... > this folder or file therefore not backed up. ... (microsoft.public.win2000.security) Error: Desktop Folder Moved ... I am using Win2k on a server with a RAID array. ... We had a disk crash ... Administrator" I can see the Desktop folder there and the contents seem to ... (microsoft.public.win2000.windows_update) Alternatives to du ... I have a need to determine the amount of space used in a particular folder, but don't really want to use du because of the beating my RAID array takes. ... (Fedora) Re: changing shell folder location problems ... special folder locations from there. ... I never succeeded in moving the shared docs folder, ... the RAID array. ... (uk.comp.homebuilt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.win2000.security  > 2002-06