I published this to a Windows Support group and have got zilch in the way of replies - this seems to be the best group I've found so far and am hoping someone may be able to help with this problem I have.
I have just patched up a client server after its security was compromised but am unable to open the add/remove programs applet from the control panel. The mouse icon briefly flickers then does nothing. I don't really have the option of rebuilding this system so would really like to fix this.
This is a Windows 2000 Server running SP4 and IIS 5 - this hosts their website to the outside world and is most likely how the hackers got in.
The initial hack was in the form of r_server.exe running as a service; I've seen this before so know it's a form of remote control. The server also had a second service - qostcp... (I can't quite remember the exact name); this was listening on port 443, preventing their usual SSL site from working.
All this was pretty simple to clean off, although I'd love to know the specifics on how they got them on there! The bit that is stumping me right now is the add/remove programs applet; I'm guessing they've (the hacker) locked this down somehow. I've tried re-registering related .dll files but have got nowhere.
If anyone has seen this problem or has any ideas and can help with this, it would be greatly appreciated. Also, if anyone knows more information on how they got the remote control on the server, that would be really useful to have for securing this.
Kind regards, Alastair