files left by hacker


alan

A recent hacking attempt left some application files
called iisantidote-v.2 and WinVNC on our server. How can
these be gotten rid of, and how can I find other files
that might have been added? Our IT guy thinks that we
will have to reformat the hard disk and reinstall Windows --
is there a less drastic solution?
 
You have not said if the server has been isolated from the network and how
big a network or how sensitive the data is.
My recommendation is either one of 2 options.

Format and re-install from last complete backup.
Format and start again.
If it is a mission critical server, then remove, patch and block as a
temporary measure and replace the server; see below software firewall as a
temporary measure while you build another server.

Unless you can guarantee to the IT guy that there are absolutely no
compromised files after a cleanup, then you have no alternative but to
rebuild or replace.

Put a decent firewall on, either a hardware box or a software firewall like
Winroute pro from Kerio.com.

Regards
Don Grover
Australian Scientific Software
 