NT4

[BeerAd]

Hey guys, I could really use some of your expertise...

My dialer runs on NT4 and for the life of me I cannot figure out why I am having such an odd ball problem. I have 2 hard drives C: (dialer programs only) and D: (loading leads) which have very little space. For some reason the slave drive(D) has a file folder called oldRecycler and inside of that folder there is a recycle bin that first appears to be empty. When you double click the recycle bin in the folder it shows nothing in it with no hidden files or folders. When you right click on it and go to properties the total size of the bin is 27.2gb and there are close to 4,000 files and 600 folders.

You cannot right click and empty as that option is not able to be clicked cause it is showing as empty. When you delete the actual file folder the entire system crashes and it goes into that weird blue screen dump mode. The name of the recycle bin is also very odd...

S-1-5-21-1465611676-41695981-1722840164-500

Things we have tried...

Delete - crashes computer

Moving it over the network - crashes computer

Installing AVG - AVG wont work with NT4

Unlocker - Will not work with NT4(and now will not remove )

Lavasoft - Will not work with NT4


Please one of you masterminds help me out, I am dying . My dialer creates log files and I only have ~3gb left to work with. So every other day I run out of space and none of my dialing programs will even start. This is all proprietary software and I cannot just simply reformat or change the operating system. I talked to the guy who wrote the programs and built the dialer but he said it shouldnt be there/he has no clue.

Thanks for listening!

 

[Syrup Beaver]

That name format is normal. (S-1-5-21-1465611676-41695981-1722840164-500)

Usually you can just delete them with Shift+Del

 

[ERage]

someone hacked your shit. open a command window and navigate to the recycler folder and do a dir lookup and you'll see files that have names that are invalid for windows...thus hiding them from windows but not the DOS Shell.

They are also horribly difficult to get rid of unless you can easily reformat the drive and backup your other stuff.

Also, keep in mind, hackers will usually nest 5, 10 or even 20 of those invalid named folders and the file will live somewhere at the bottom. Dig down into one in the command window and you'll see what I mean.


When this happened to me I got some really good porn out of it though. Those guys were uploading the good stuff lol

 

[JAXvillain]

wow, I haven't seen nt4 in 9 years

 

[ERage]

wow, I haven't seen nt4 in 9 years

Our genius IT dept. here still has 100 people logging into a domain hosted by a NT4 box. It's crazy up in here.

 

[BeerAd]

someone hacked your shit. open a command window and navigate to the recycler folder and do a dir lookup and you'll see files that have names that are invalid for windows...thus hiding them from windows but not the DOS Shell.

They are also horribly difficult to get rid of unless you can easily reformat the drive and backup your other stuff.

Also, keep in mind, hackers will usually nest 5, 10 or even 20 of those invalid named folders and the file will live somewhere at the bottom. Dig down into one in the command window and you'll see what I mean.


When this happened to me I got some really good porn out of it though. Those guys were uploading the good stuff lol

Dir lookup shows 2 files and it will not delete in DOS Shell either. It acts as if it is deleting it but does not(also doesn't crash though). Either way you cant even view the files from the DOS Shell, it acts like they are not there. I should have put that in the OP, sorry

 

[BeerAd]

That name format is normal. (S-1-5-21-1465611676-41695981-1722840164-500)

Usually you can just delete them with Shift+Del

I have not tried Shift+Del but I am fearful I will just crash again and my employees will be fooked

 

[BeerAd]

wow, I haven't seen nt4 in 9 years

Our genius IT dept. here still has 100 people logging into a domain hosted by a NT4 box. It's crazy up in here.

Most dialers still use NT4

 

[Syrup Beaver]

dir /ah /s

 

[Syrup Beaver]

wow, I haven't seen nt4 in 9 years

It's only been about 6 for me

I still have my NT 4 Server, Workstation, and Enterprise MCP certs in one of my cubicle drawers

 

[ERage]

Dir lookup shows 2 files and it will not delete in DOS Shell either. It acts as if it is deleting it but does not(also doesn't crash though). Either way you cant even view the files from the DOS Shell, it acts like they are not there. I should have put that in the OP, sorry

It still sounds to me like you got hacked. The recycler folder is a commonly used folder for hackers to hide stuff in because it is always there, they know what it is called on any machine, and most users don't know to look for it as being the guilty party for why a drive is full.

Do you log file use on the machine? If so look at some stats and see how it's being used. There is no valid process that would be filling the recycler up with that many folders and files...it's got to be a hackers.

 

[BeerAd]

It still sounds to me like you got hacked. The recycler folder is a commonly used folder for hackers to hide stuff in because it is always there, they know what it is called on any machine, and most users don't know to look for it as being the guilty party for why a drive is full.

Do you log file use on the machine? If so look at some stats and see how it's being used. There is no valid process that would be filling the recycler up with that many folders and files...it's got to be a hackers.

Oh I am 99% sure you are right and that is why we tried AVG + Ad Aware(told us to do so when searching for problem) but they do not work with server based OS.

I just cant figure out how in the hell to get rid of the haxxors

I am not sure if we log file use, how do I tell?

 

[ERage]

Oh I am 99% sure you are right and that is why we tried AVG + Ad Aware(told us to do so when searching for problem) but they do not work with server based OS.

I just cant figure out how in the hell to get rid of the haxxors

I am not sure if we log file use, how do I tell?

would be set up in the server to do logging...i have no recollection of how that might be in NT4 though

As for getting rid of the hackers...as it was suggested to me on this forum a few years ago when I encountered this same problem: "Reformat and rebuild the machine from scratch...but do it better. Make sure that security is as tight as it can be."

I'll look for the thread where I was asking about this same thing years ago.


EDITED: Here you go, check this thread out: http://www.uselessforums.com/showthread.php?t=5556

Once a hacker is in, there is no way to tell if you have really completely cleaned them out. You just gotta wipe it all and start over.

 

[BeerAd]

would be set up in the server to do logging...i have no recollection of how that might be in NT4 though

As for getting rid of the hackers...as it was suggested to me on this forum a few years ago when I encountered this same problem: "Reformat and rebuild the machine from scratch...but do it better. Make sure that security is as tight as it can be."

I'll look for the thread where I was asking about this same thing years ago.


EDITED: Here you go, check this thread out: http://www.uselessforums.com/showthread.php?t=5556

Once a hacker is in, there is no way to tell if you have really completely cleaned them out. You just gotta wipe it all and start over.

I dont have the 10k to spend to do that right now

Looks like I am stuck with the hackers but I will review your thread, hope I can find sumtin.

 

[ERage]

I dont have the 10k to spend to do that right now

Looks like I am stuck with the hackers but I will review your thread, hope I can find sumtin.

You don't need 10k to reformat and redo the machine...you just need to backup your files & programs, your windows server disks, and some free time.

Just reformat that bitch and get it set up more secure the next time around. I didn't want to do it either but I'm glad I took that advice.

 

[Mean Mr. Mustard]

You cant just format and reinstall everything?

Youd be down for a day but at least the fgts would be out.

 

[ERage]

Keep all mexican donkey porn for sharing later. My hackers did not provide last time, maybe yours did

 

[BeerAd]

You cant just format and reinstall everything?

Youd be down for a day but at least the fgts would be out.

Its all proprietary software that requires a service agreement with the dialer guy, we get no original disks. Since the previous owner decided to be a cheap jackass we do not have a service agreement with him and he will not help us.

 

[ERage]

Its all proprietary software that requires a service agreement with the dialer guy, we get no original disks. Since the previous owner decided to be a cheap jackass we do not have a service agreement with him and he will not help us.

yuck, that sucks dude. Okay....well you could try port scanning to see where traffic is coming and going. Try using a firewall to block any unnecessary ports.

Then try to get that recycler folder cleaned out

 

[BeerAd]

You don't need 10k to reformat and redo the machine...you just need to backup your files & programs, your windows server disks, and some free time.

Just reformat that bitch and get it set up more secure the next time around. I didn't want to do it either but I'm glad I took that advice.

Hrmmmmmm

I will let my dialer guy know and see what we can do. If we lose one of the programs though the dialer will not run and I will have to close the room... I dunno if the risk is worth the reward