hey just came back from holiday, our companies server was hacked while i was away, we seem to have a rogue empty folder which contains 4 folders (3 of them are our main sites ones but they dont open - just says path not found) and one which is labelled ' ..... ,,, ;;; ÿÿ T@GG ÿ' which seems to have .rar files called avatar1-18.rar and kleinehart.rar (4 of these), i cant open these files and they seem to have a file size of 0. when they got access they deleted a lot of folders which we restored from backups, had no problems since, just worried why theres now a undeletable empty which was looks like shadowed .rar files in there. any help would be appreciated, interesting thing - if i create a new folder in d drive, it appears in the empty folder as well but wont let me access it. edit: managed to get to the folder via cmd and running dir /x so i can get its ntsf name, it's saying its in use by another process and not allowing me to delete it.

Hi, if your server has been compromised, I advise to reinstall it because, otherwise, you can never be sure of having "clean" it. hth. Edoardo Benussi - Microsoft® MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org

can you (as domain admin or local admin) take ownership of the folder and delete it?

This tool may help you determine what process holds the lock. http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx Also from a command prompt try; del \\.\Drive:\directory\filename (Note: the period between \\ and \) or dir /x and try deleting them using their 8.3 short names. Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]

nope, wont let me delete it that way, just says it cant be find the folder still :/ did a dir /s on it and outputted to a text file, it's almost 9mb and got thousands of folders like "D:\0200~1\ ..... ,,, ;;; ˜˜ T@GG ˜\ ìììdìdìrì˜\ . . com1`+~;˜;~+ï˜\ ;;;;\ 4\ 27\ 30" that seem to have been created in there. along with various rar files. reinstall option (to be safe) looks like the way to go - which is just a bit annoying.

Hi, I understand your current situation, however, with Microsoft support policy, if your computer has virus or be hacked, the only way is reinstall. Thanks for your understanding. Best Regards, Vincent Hu