robinyanwang
asked on
hack problem
Hi,
This morning, I found the D drive of our Exchange server has 13 GB more data than usual.
Someone uploaded a lot of music files...
I also found a folder called emule... there is a thread in the system called emule.exe, and I cannot stop it... so I could not delete the files on my hard disk.
Please help me!
howdy,
Yes, this is a downloader for Kazaa and others. First I would look in the remove and install programs for eMule and try to remove it. If that doesn't work, let us know.
hope that this helps
ASKER
interesting...
just 5 mins, it is gone!!!
I deleted some files and folders under that folder (the one the hacker created)...
Maybe he noticed that, so, just 5 mins ago, all 13 GB is gone!
Also, I cannot find emule.exe in the system thread.
Will he come back? How do I stop it? He seems a good man, right?
well,
1. Have you got all the latest MS updates?
2. Are you running any antivirus software?
3. Are you using a firewall?
let us know
But the fact that this was possible still indicates that someone has full control of your server :(
So what I still suggest is that you check your system for trojans, viruses, etc.
ASKER
OK, I will do it after working hours, in the night.
I will let you guys know if I have anything wrong.
thanks a lot for your quick reply!
I wouldn't take the chance, rebuild that box from scratch.
yes, it sure looks like you've been hacked :(
Please download Killbox:
http://www.downloads.subratam.org/KillBox.zip
And set it to delete emule.exe on the next reboot, this will make sure it isn't running on your system after a reboot.
Now, try deleting the mess.
Afterwards, you will have to check if you're still having any problems, maybe a backdoor was installed.
Try a tool like trojan hunter => http://www.trojanhunter.com/
The free trial will do fine for identifying.
If that doesn't work, do a full virus scan using one of the online virus scanners (don't trust your installed one at this moment):
http://www3.ca.com/virusinfo/virusscan.aspx
http://housecall.trendmicro.com/
Greetings,
LucF