• Status: Solved

hack problem

Hi,

This morning I found that the D drive of our Exchange server has 13 GB more data than usual.
Someone uploaded a lot of music files...


I also found a folder called emule... there is a thread in the system called emule.exe, and I cannot stop it... so I could not delete the files on my hard disk.

Please help me!
Asked:
robinyanwang
 
LucF (EMEA Server Engineer) commented:
Hi robinyanwang,

yes, it sure looks like you've been hacked :(

Please download Killbox:
http://www.downloads.subratam.org/KillBox.zip

And set it to delete emule.exe on the next reboot, this will make sure it isn't running on your system after a reboot.
Now, try deleting the mess.

Afterwards, you will have to check if you're still having any problems, maybe a backdoor was installed.
Try a tool like trojan hunter => http://www.trojanhunter.com/
The free trial will do fine for identifying.

If that doesn't work, do a full virus scan using one of the online virus scanners (don't trust your installed one at this moment):
http://www3.ca.com/virusinfo/virusscan.aspx
http://housecall.trendmicro.com/ 

Greetings,

LucF
 
BigC666 commented:
howdy,

Yes, this is a downloader for Kazaa and others. First I would look in the remove and install programs for eMule and try to remove it. If that doesn't work, let us know.

hope that this helps
 
robinyanwang (Author) commented:
interesting...

just 5 mins, it is gone!!!

I deleted some files and folders under that folder (the one the hacker created)...

Maybe he noticed that, so, just 5 mins ago, all 13 GB is gone!

Also, I cannot find emule.exe in the system threads.

Will he come back? How to stop it? He seems a good man, right?
 
BigC666 commented:
Well,
1. Have you got all the latest MS updates?
2. Are you running any antivirus software?
3. Are you using a firewall?

let us know
 
LucF (EMEA Server Engineer) commented:
But that this was possible still indicates that someone has full control of your server :(
So what I still suggest is that you check your system for trojans, viruses, etc.
 
robinyanwang (Author) commented:
OK, I will do it after working hours in the night.

I will let you guys know if I have anything wrong.

thanks a lot for your quick reply!
 
BigC666 commented:
you bet

just let us know
 
LucF (EMEA Server Engineer) commented:
Ditto :)

If you're unsure, let us check your running processes.
(as it's 0:17 here I'm going to sleep soon, but I'm sure BigC666 will be able to help you in the time between)

Good luck,

LucF
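
The checks suggested in this thread (running processes, signs of a backdoor, where the uploaded files landed) can be collected in one read-only pass. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later on the server, and the drive letter, extension list and 7-day window are assumptions to adjust.

```powershell
# Added triage example (read-only). Assumes PowerShell 3.0+; the drive letter,
# extension list and 7-day window are assumptions to adjust per server.
$Drive      = 'D:\'
$Since      = (Get-Date).AddDays(-7)
$MediaTypes = '.mp3', '.wma', '.avi', '.mpg', '.part', '.met'   # assumed list

# 1. Running processes with on-disk path and start time. Anything running from
#    a data drive or a user-writable folder is flagged for a closer look.
$trusted = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath } |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CreationDate,
        @{ n = 'OutsideTrusted'; e = {
            $p = $_.ExecutablePath
            -not ($trusted | Where-Object {
                $p.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        } } |
    Sort-Object OutsideTrusted -Descending |
    Format-Table -AutoSize

# 2. Listening TCP ports with the owning PID (last column), to match against
#    the process list above when looking for a backdoor listener.
netstat -ano | Select-String 'LISTENING'

# 3. Programs configured to start at boot or logon.
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap

# 4. Recently written media and partial-download files, totalled per folder,
#    to find where the unexpected data landed.
Get-ChildItem -Path $Drive -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.LastWriteTime -ge $Since -and
        $MediaTypes -contains $_.Extension.ToLower()
    } |
    Group-Object DirectoryName |
    Select-Object Name, Count,
        @{ n = 'SizeGB'; e = {
            [math]::Round(($_.Group | Measure-Object Length -Sum).Sum / 1GB, 2)
        } } |
    Sort-Object SizeGB -Descending |
    Select-Object -First 20
```

Output gathered on a host that may be compromised can be tampered with, so save it off the server and treat a clean result as inconclusive.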
 
MSGeek commented:
I wouldn't take the chance, rebuild that box from scratch.  
Question has a verified solution.