Bryan: See: http://www.xs4all.nl/~liew/startdivx/endofdeleters.txt This'll make your hair stand on end. A warez-k1dd13 manual about how to create undeletable directories on Windows boxes, all for the purpose of doing just exactly what's been done to you: set up a (potential) warez site. Hopefully here you will find information that will let you reverse the process... Afterwords, see: http://ph.members.tripodasia.com/chisholm6707/sites02.09.2001.txt for one listing of sites that have been warez-ed... HTH.. - John Bryan Smith wrote: > I had opened anonymous FTP on my workstation at my office as a > convenience to myself and fellow research partners. It allowed write > access, but I keep a close eye on it and haven't had any problems until > today. This way we're not sending unencrypted passwords across the > network. > > The machine is WindowsXP Prof, running the included FTP server. Today > in one of the directories I find this > > /.tagged/~/.scanned/by/NTVM/com1 > > I immediately turned off the FTP service and disabled the IUSR account. > At first glance it just seems that my box was found through some > scanning and marked as a possible warez dump site. > > Also, now that I would like to clean this up, I find that I cannot > delete the folder "com1". No ACL information is found in the properties > for the directory and it's not read-only. Somehow the tool created a > "permanent" folder. > > What can be done to clean this up? > > Also, for those that may have ran into this before - has anything else > been found that should also be taken into consideration? > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Dec 10 2001 - 08:27:32 PST