Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HACKED Directory Structure/TAble


  • Please log in to reply
6 replies to this topic

#1 citadelitg

citadelitg

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 21 May 2014 - 09:25 AM

My Directory structure has been completely lost, within the command prompt as well as file explorer, No matter what folder I go into, I get all folders and files, I even see all hidden files and system files. It is basically impossible to even figure out what to copy out of the server to move the files I need. It looks like someone hacked my server and screwed up the FAT table or Directory table. Can anyone help? Take a look at the attached

Attached Files



BC AdBot (Login to Remove)

 


#2 jleydon

jleydon

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 21 May 2014 - 10:44 AM

Wow. How about restoring from a backup?



#3 citadelitg

citadelitg
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 21 May 2014 - 10:46 AM

Unfortunately, My backup is only one week old, and this happened before that.



#4 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:12:35 PM

Posted 21 May 2014 - 08:56 PM

You could try running a powershell script to determine which file was created aroudn the time of the infection/hack. Then just iterate threw them and delete the ones you dont need.

 

Powershell command would look somethign like this

Get-ChildItem "C:\SomeFoldernameHere" -Recurse | Where-Object {!$_.PSIsContainer} | Select-Object @{Name="Name";Expression={$_.FullName}}, @{Name="CreationTime";Expression={$_.CreationTime}}, @{Name="LastWriteTime";Expression={$_.LastWriteTime}} | Export-Csv C:\FileDateChanges.csv -NoTypeInformation


#5 citadelitg

citadelitg
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 22 May 2014 - 09:18 AM

I need to rebuild the MFT, does anyone know how to do it?



#6 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:03:35 AM

Posted 22 May 2014 - 12:44 PM

Run "chkdsk /f" from a command prompt or "Check the drive for errors" from the tools properties page of the drive properties is probably the best that you can do.

 

It looks like you have quite a mess - The chkdsk may help, but it could also do more damage or render the system unbootable, so if you can back up any data beforehand, so so.



#7 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:12:35 PM

Posted 23 May 2014 - 01:28 AM

I need to rebuild the MFT, does anyone know how to do it?

if you defragg or touch the MFT, i would pretty much guess you could say good bye to the directory tree as well.

You could try the chkdsk /f /r C: option but i would close it first.

Shame you couldnt utilize VSS.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users