Re: Corrupted Directories, Intrusions, and Nimda Oh MY

From: Lew E. Lefton (lleftonat_private)
Date: Thu Nov 08 2001 - 20:38:30 PST


    I don't know if this will work, but you may try installing Cygwin (a Unix
    environment on Windows).  Then from a bash shell type 
    
      rm -rf 'c:\tree\to\erase'
    
    Better yet, you should probably reinstall everything on a freshly
    formatted drive from original media.  Then restore your own files from a
    trusted (pre-Nimda) backup.  Otherwise, who knows what other "goodies" are
    hidden around your system now (keystroke sniffers, etc.)
    
    Good Luck,
    Lew Lefton
    
     -----------------------------------------------------------------------
    | Lew Lefton, IT Director         | Phone:     (404) 385-0052           |
    | School of Mathematics           | FAX:       (404) 894-4409           |
    | Georgia Institute of Technology | e-mail:    lleftonat_private  |
    | Atlanta, GA  30332-0160         | http://www.math.gatech.edu/~llefton |
     -----------------------------------------------------------------------
    
    On Thu, 8 Nov 2001, Drew E. Gilkey wrote:
    
    > Went on vacation for a week, come back to see that my email server is
    > reporting that it's completely full. Look a little deeper into it and I
    > see that people have uploaded tons of MP3s, Warez, etc.. Wondering how
    > they got in I start to do a virus scan and bam... Nimda was found...
    > Unfortunately now I have tons of files on my system that cannot
    > seemingly be removed... 2000 thinks they don't exist, yet they do and
    > they are taking up disk space.. I have managed to get one of the
    > directories removed but the other ones contained tons of locked files,
    > weird directory structures that make the system think that the files nor
    > directory don't exist, plus permission problems... Anyone got a tool that
    > will allow me to just delete the directory and all the subdirectories
    > this stuff is in? Or any advice.. I have tried using the ASCII
    > characters, etc.. but I just can't seem to get them to delete.. I can
    > access the folders via FTP, but when I try to delete them the OS cannot,
    > nor can I download anything in the folder.
    >  
    > --Drew Gilkey
    > Dgilkeyat_private
    > 
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Nov 08 2001 - 22:46:17 PST