|
that
would be something similar to what you're seeing, but keep in mind that this
could be only the start of something larger.
Bruce Dunwiddie
Ticket Technology
P:
866.543.3331
F: 913.451.7832
[EMAIL PROTECTED]
that
does not sound like a virus. it sounds like you became someone's storage
b****, which of course is the technical definition. you're now probably
hosting infection files to infect other computers. you need to immediately
take down any non critical services and machines and do a full security audit
involving network monitoring and tracking of where the attack came from. you
should expect emails to come in shortly to [EMAIL PROTECTED] from other
companys/individuals that are seeing at very least your ftp server being
involved in new attacks on them and blaming you. there could conceivably be
rampant infections and abuse going on throughout your entire network. you need
to find out immediately what was comprimised and what wasn't. it sounds like a
lot of work I know, and I'm sure you and/or your bosses won't be up for all of
it, but things can get SEVERELY worse from here if you don't track down what
happened and make sure it doesn't continue. As for deleting the files, they
were created in a way to specifically prevent you from being able to delete
them. I think the only way you'd be able to delete them would probably be to
mount the drive as a secondary drive to a linux os and use it to delete the
file and I THINK that will work, but other than that, it's very unlikely that
you will be able to find a way to delete the files.
Bruce Dunwiddie
Ticket Technology
P:
866.543.3331
F: 913.451.7832
[EMAIL PROTECTED]
A virus snuck onto our server last night. There
is practicly no trace of it just the fact that in the ftproot folder there
is 2.8 GIGs of info that refuses to delete. It keeps telling me cannot find
specified file. anybody deal with this before?
Adaryl Wakefield
Aviator by
passion
Programmer by sheer force of
will
|
