I was recently asked to help out with a local server.. when I got here, I found w2k service pack 4, norton anti-virus up to date, but that was pretty much it.. after running the typical gamut of tools, hijackthis, rootkitdefender, ewido, pest patrol, etc, I found a variety of baddies... backdoor.servU-based, heuristic.win32.morphine-crypted, etc.
now I've killed what I think are the bulk of the baddies, moved this box behind a firewall (and I don't see any more broadcasts) but I want to track down some of the info on how and/or what this creative little (*#&#$&$#) person had done... in addition to serving as a movie/music server.
when I read the report from rootkitdef I see that there are folders under the winnt\system32\inetsrv folder \mandrake\site etc etc
now I can't see any of these files from explorer or IS.. I can open a dos prompt and get to them or at least some of them.. there are some that even from dos I get a reply "can't access this directory", not a message saying you mistyped it.. or it doesn't exist... but that even as local admin I apparently don't have authority to it..
I do have all the common settings set for show hidden files.. etc...
any suggestions would be very appreciated...
thanks
Dave