Solved

hack problem

Posted on 2004-08-30
9
132 Views
Last Modified: 2010-04-14
Hi,

this morning, I found the D drive of our exchange server is 13 GB data more than usual.
Someone upload a lot of music file...


I also fould folder called emule...there is a thread is system called emule.exe, and I can not stop it...so I could not delete the files on my hard disk

Please help me!
0
Comment
Question by:robinyanwang
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 32

Expert Comment

by:LucF
ID: 11936035
Hi robinyanwang,

yes, it sure looks like you've been hacked :(

Please download Killbox:
http://www.downloads.subratam.org/KillBox.zip

And set it to delete emule.exe on the next reboot, this will make sure it isn't running on your system after a reboot.
Now, try deleting the mess.

Afterwards, you will have to check if you're still having any problems, maybe a backdoor was installed.
Try a tool like trojan hunter => http://www.trojanhunter.com/
The free trial will do fine for identifying.

If that doesn't work, do a full virusscan using one of the online virusscanners (don't trust on your installed one at this moment)
http://www3.ca.com/virusinfo/virusscan.aspx
http://housecall.trendmicro.com/ 

Greetings,

LucF
0
 
LVL 9

Expert Comment

by:BigC666
ID: 11936069
howdy,

yes this is a downloader for Kazza and others, first i would look the remove and install programs for eMule and try to remove it. if that doesn't work let us know.

hope that this helps
0
 

Author Comment

by:robinyanwang
ID: 11936478
interesting...

just 5 mins, it is gone!!!

I deleted some files, folders under that folder (the hacker created),..

maybe he noticed that, so , just 5 mins ago, all 13 GB is gone!

also I can not find the emule.exe in the system thread.

Will he come back? how to stop it? he seems a good man, right?
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 9

Expert Comment

by:BigC666
ID: 11936503
well,
1. have you got all the latest MS updates
2. are you running any antivirus software
3. are you using a firewall

let us know
0
 
LVL 32

Expert Comment

by:LucF
ID: 11936505
But as that was possible still indicates that someone has full control on your server :(
So what I still suggest you is to check your system for trojans, virusses etc.
0
 

Author Comment

by:robinyanwang
ID: 11936565
ok, I will do it after working hours in the night.

I will let you guys know if I have any thing wrong.

thanks a lot for your quick reply!
0
 
LVL 9

Assisted Solution

by:BigC666
BigC666 earned 150 total points
ID: 11936569
you bet

just let us know
0
 
LVL 32

Accepted Solution

by:
LucF earned 350 total points
ID: 11936590
Ditto :)

If you're unsure, let us check your running processes.
(as it's 0:17 here I'm going to sleep soon, but I'm sure BigC666 will be able to help you in the time between)

Good luck,

LucF
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 11936974
I wouldn't take the chance, rebuild that box from scratch.  
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Robocopy - migrate user shares access denied 6 1,523
Virtualise server 2000 for Hyper V 4 856
Windows 16 350
Install Window 2012 Domain on 9 132
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Some of the SEO trends we might expect in 2017.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question