Hacked file server .

[Stacy Halbert]

Recently my non production win2k SP3 file server was
hacked....I believe via FTP. Somehow the file and folder
contents from these activities are either encrypted in
some way or written to the disk in a manner that explorer
can see these weird folder and file names, but cannot
delete these. Is there anyway I can delete these folders
and files? I get a cannot read from source disk when I
try to delete in explorer. Thanks.

 

[CheckAbdoul]

Open up a command prompt and type

C:\YourFTPDir> dir /X

Note down the 8.3 style short name displayed. Let us say 'abcde~1'. Now
type 'del abcde~1' at the command prompt to delete the file.

If you still cannot delete the file, use the Process explorer ( from
www.sysinternals.com ) to find out which process is currently accessing the
file and close the open handle and try the above steps again.