hack problem


this morning, I found the D drive of our exchange server is 13 GB data more than usual.
Someone upload a lot of music file...

I also fould folder called emule...there is a thread is system called emule.exe, and I can not stop it...so I could not delete the files on my hard disk

Please help me!
Who is Participating?
LucFConnect With a Mentor EMEA Server EngineerCommented:
Ditto :)

If you're unsure, let us check your running processes.
(as it's 0:17 here I'm going to sleep soon, but I'm sure BigC666 will be able to help you in the time between)

Good luck,

LucFEMEA Server EngineerCommented:
Hi robinyanwang,

yes, it sure looks like you've been hacked :(

Please download Killbox:

And set it to delete emule.exe on the next reboot, this will make sure it isn't running on your system after a reboot.
Now, try deleting the mess.

Afterwards, you will have to check if you're still having any problems, maybe a backdoor was installed.
Try a tool like trojan hunter => http://www.trojanhunter.com/
The free trial will do fine for identifying.

If that doesn't work, do a full virusscan using one of the online virusscanners (don't trust on your installed one at this moment)



yes this is a downloader for Kazza and others, first i would look the remove and install programs for eMule and try to remove it. if that doesn't work let us know.

hope that this helps
Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

robinyanwangAuthor Commented:

just 5 mins, it is gone!!!

I deleted some files, folders under that folder (the hacker created),..

maybe he noticed that, so , just 5 mins ago, all 13 GB is gone!

also I can not find the emule.exe in the system thread.

Will he come back? how to stop it? he seems a good man, right?
1. have you got all the latest MS updates
2. are you running any antivirus software
3. are you using a firewall

let us know
LucFEMEA Server EngineerCommented:
But as that was possible still indicates that someone has full control on your server :(
So what I still suggest you is to check your system for trojans, virusses etc.
robinyanwangAuthor Commented:
ok, I will do it after working hours in the night.

I will let you guys know if I have any thing wrong.

thanks a lot for your quick reply!
BigC666Connect With a Mentor Commented:
you bet

just let us know
I wouldn't take the chance, rebuild that box from scratch.  
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.