Security Incidents mailing list archives
Re: Corrupted Directories, Intrusions, and Nimda Oh MY
From: "Lew E. Lefton" <llefton () math gatech edu>
Date: Thu, 8 Nov 2001 23:38:30 -0500 (EST)
I don't know if this will work, but you may try installing Cygwin (a Unix environment on Windows). Then from a bash shell type rm -rf c:\tree\to\erase Better yet, you should probably reinstall everything on a freshly formatted drive from original media. Then restore your own files from a trusted (pre-nimda) backup. Otherwise, who knows what other "goodies" are hidden around your system now (keystroke sniffers, etc.) Good Luck, Lew Lefton ----------------------------------------------------------------------- | Lew Lefton, IT Director | Phone: (404) 385-0052 | | School of Mathematics | FAX: (404) 894-4409 | | Georgia Institute of Technology | e-mail: llefton () math gatech edu | | Atlanta, GA 30332-0160 | http://www.math.gatech.edu/~llefton | ----------------------------------------------------------------------- On Thu, 8 Nov 2001, Drew E. Gilkey wrote:
Went on vacation for a week, come back to see that my email server is reporting that its comepletely full. Look a little deeper into it and I see that people have uploaded tons of MP3's, Warez, etc.. Wondering how they got in I start to do a virus scan and bam... Nimda was found... Unfortunately now I have tons of files on my system that cannot seemingly be removed... 2000 thinks they dont exist, yet they do and they are taking up disk space.. I have managed to get one of the directories removed but the other ones contained tons of locked files, weird directory structures that make the system think that the files nor directory dont exist, plus permission problems... Anyone got a tool that will allow me to just delete the directory and all the subdirectories this stuff is in? Or any advice.. I have tried using the ASCII characters, etc.. but I just cant seem to get them to delete.. I can access the folders via FTP, but when i try to delete them the OS cannot, not can I download anything in the folder. --Drew Gilkey Dgilkey () libenn com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Corrupted Directories, Intrusions, and Nimda Oh MY Drew E. Gilkey (Nov 08)
- Re: Corrupted Directories, Intrusions, and Nimda Oh MY Lew E. Lefton (Nov 08)
- Re: Corrupted Directories, Intrusions, and Nimda Oh MY Mike Lewinski (Nov 09)
- Re: Corrupted Directories, Intrusions, and Nimda Oh MY Mike Shaw (Nov 09)