BAckdoor and hacked ftp files in invisible folders

Discussion in 'malware problems & news' started by skullster, Apr 13, 2006.

Thread Status:
Not open for further replies.
  1. skullster

    skullster Registered Member

    Apr 13, 2006
    Hi Folks

    My webserver was hacked and although I have cleaned all the ftp files vaious antispyware software has revealed Wiback and mroot.sys. These are located in hidden directories. By locating some of the hackers log and ini files Ihave managed to remove some of these by typing in the path in dos and FTP software. But there are still hidden folders and files in some locations and without knowing their names its seems impossible to see them.

    Can any one help me make these folder visible? (btw I have tried Explorer show all files etc, attrib from DOS, Ztree etc - Security task manager tells me mroot.exe is running but it cannot close it due to the fact the location seems not to exist.
  2. StevieO

    StevieO Registered Member

    Feb 2, 2006

    Searching for hidden files can be very difficult, but fortunately there are a number of solutions to help.

    F-Secure BlackLight Rootkit Elimination Technology Free -

    RootkitRevealer an advanced rootkit detection utility Free -

    IceSword the Highly acclaimed RK Detector - IceSword 1.12 English version Free -

    Also you might some of the Find Hidden files/process Apps in this thread useful - - Most of them are Free too !

  3. controler

    controler Guest

    Two other programs I would add are Process Explorer and Autoruns by
    Sysinternals. In Autoruns look at drivers and you may see some with no discription. Also look at the services.

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.