Re: MS IIS 5 server is hacked leaving undeletable folders and files

[Mike Arnold <mike () midkaemia fsnet co uk>]

On Tuesday 31 December 2002 4:54 pm, Don Phillipe wrote:
> I have a small server I use for my home business and use it mainly for
> anyone who needs to send a large file that will not go through email.  I
> have an anonymous UPLOAD FTP account that I open up to receive these.  From
> time to time I forget and leave this open (I know this is stupid but I
> thought I could just erase anything that was put there because the small
> drive would fill up real soon).  However, I see someone has hacked into my
> server and put a bunch of trash that I cannot delete because when I try to
> delete it, Windows 2K says "cannot find the specified file".   I have spent
> 2 days researching this and cannot find any reference of how to correct
> this.   I did find some reference to looking at the security tab for these
> files but the security tab is missing!  I found some tools which are
> supposed to set owners for files and they don't work on these files.   Here
> is the log from where the hacker attacked below.  Any help would be
> appreciated.  I don't want to have to rebuild my server if possible:

If you have access to a linux bootable cd/floppy you can delete it in that. 
Must have NTFS support though.

I have done this before using this technique, took 2 minutes.

Cheers

-- 
        By three methods we may learn wisdom: 
                First, by reflection, which is noblest; 
                Second, by imitation, which is easiest; 
                and third by experience, which is the bitterest. 

                        --Confucius