Gary
Wed Dec 03 15:38:00 CST 2003
I have the Resource Kit and the Supplement 1 CD. I think both are worth the
money. I've learned a lot by reading these books. The Supplement 1 CD has
a lot of tools in it. If you aren't a programmer, like me, it is pretty
handy to have these tools available.
The Posix tools alone can do some pretty interesting things. I've created,
and removed, folders using restricted names such as COM 1. One caveat here
though about Posix is that you will have to learn how to use them by
Googling. Microsoft does not document this much at all. There is only one
KB article that I know of from Microsoft documenting how to do anything with
them.
To tell the truth, I'd be really leery of trusting any box that has been
hacked. You never know where a hacker has stored things. Unless you have a
way of testing each and every file on that machine against files that you
know have never been on a compromised machine you'll never know for sure if
you are clean or not. That takes so much time that it is easier and faster
to just completely wipe it out and start over.
You might also download LADS.exe and use it to see if the bad guy placed any
files in the NTFS alternate data streams. If you haven't seen this before
it's really easy to use and there are a couple of good web pages on it you
can find using Google.
"SWE" <me@privacy.net> wrote in message
news:bql46v$24ikc5$1@ID-206398.news.uni-berlin.de...
> We don't have the WIN2K Server Resource Kit, is it worth getting it in
> addition to Supplement 1, or does Supplement 1 include everything that's in
> the plain old Resource Kit? Can't tell by reading up on it.
>
> http://www.microsoft.com/windows2000/techinfo/reskit/default.asp
>
> "Gary K" <dabigfinndog@nospam.icqmail.com> wrote in message
> news:eS3ayxWuDHA.2444@TK2MSFTNGP12.phx.gbl...
> > Have you tried the Posix tools supplied in the Win 2K Server Resource Kit
> > Supplement 1 CD for removing the folders and files? Posix may do the job
> > for you.
> >
> >
> > "SWE" <me@privacy.net> wrote in message
> > news:bqj570$23koou$1@ID-206398.news.uni-berlin.de...
> > > Does anybody know where to find Norton Disk Doctor? Someone hacked our
> > > webserver and we've been told by Dell that the only way to remove them is to
> > > reformat the drive which really isn't an option right now. Can't take
> > > ownership of the files, can't delete them. Someone recommended Norton Disk
> > > Doctor to me, but when I look for it on the Symantec site, it only shows up
> > > under Mac products which doesn't apply here.
> > >
> > > Any thoughts?
>
>
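
Added example, not part of the original thread: a minimal version of the check Gary describes, comparing every file on a suspect volume against a tree known never to have been on a compromised machine. The function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                # Read in 1 MiB chunks so large binaries do not fill memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest

def compare(baseline, suspect):
    """Report files added, changed or missing relative to the baseline."""
    added = sorted(set(suspect) - set(baseline))
    missing = sorted(set(baseline) - set(suspect))
    changed = sorted(p for p in baseline.keys() & suspect.keys()
                     if baseline[p] != suspect[p])
    return {"added": added, "changed": changed, "missing": missing}

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample trees: a clean install and a tampered copy of it."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as box:
        for root in (clean, box):
            _write(root, os.path.join("inetpub", "index.htm"), b"<html>home</html>")
            _write(root, os.path.join("system32", "cmd.exe"), b"original binary")
        # Simulated tampering on the suspect copy only.
        _write(box, os.path.join("system32", "cmd.exe"), b"replaced binary")
        _write(box, os.path.join("inetpub", "hidden", "tool.bin"), b"dropped file")
        os.remove(os.path.join(box, "inetpub", "index.htm"))
        return compare(hash_tree(clean), hash_tree(box))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run a check like this from a trusted OS against the suspect disk mounted offline, since a compromised system can misreport its own files. It hashes only each file's main data stream, so NTFS alternate data streams still need a separate scan such as the LADS check mentioned in the post.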