• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 139
  • Last Modified:

hack problem

Hi,

this morning, I found the D drive of our exchange server is 13 GB data more than usual.
Someone upload a lot of music file...


I also fould folder called emule...there is a thread is system called emule.exe, and I can not stop it...so I could not delete the files on my hard disk

Please help me!
0
robinyanwang
Asked:
robinyanwang
  • 3
  • 3
  • 2
  • +1
2 Solutions
 
LucFCommented:
Hi robinyanwang,

yes, it sure looks like you've been hacked :(

Please download Killbox:
http://www.downloads.subratam.org/KillBox.zip

And set it to delete emule.exe on the next reboot, this will make sure it isn't running on your system after a reboot.
Now, try deleting the mess.

Afterwards, you will have to check if you're still having any problems, maybe a backdoor was installed.
Try a tool like trojan hunter => http://www.trojanhunter.com/
The free trial will do fine for identifying.

If that doesn't work, do a full virusscan using one of the online virusscanners (don't trust on your installed one at this moment)
http://www3.ca.com/virusinfo/virusscan.aspx
http://housecall.trendmicro.com/ 

Greetings,

LucF
0
 
BigC666Commented:
howdy,

yes this is a downloader for Kazza and others, first i would look the remove and install programs for eMule and try to remove it. if that doesn't work let us know.

hope that this helps
0
 
robinyanwangAuthor Commented:
interesting...

just 5 mins, it is gone!!!

I deleted some files, folders under that folder (the hacker created),..

maybe he noticed that, so , just 5 mins ago, all 13 GB is gone!

also I can not find the emule.exe in the system thread.

Will he come back? how to stop it? he seems a good man, right?
0
Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

 
BigC666Commented:
well,
1. have you got all the latest MS updates
2. are you running any antivirus software
3. are you using a firewall

let us know
0
 
LucFCommented:
But as that was possible still indicates that someone has full control on your server :(
So what I still suggest you is to check your system for trojans, virusses etc.
0
 
robinyanwangAuthor Commented:
ok, I will do it after working hours in the night.

I will let you guys know if I have any thing wrong.

thanks a lot for your quick reply!
0
 
BigC666Commented:
you bet

just let us know
0
 
LucFCommented:
Ditto :)

If you're unsure, let us check your running processes.
(as it's 0:17 here I'm going to sleep soon, but I'm sure BigC666 will be able to help you in the time between)

Good luck,

LucF
0
 
MSGeekCommented:
I wouldn't take the chance, rebuild that box from scratch.  
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now