Hacked - Need help asap please. 1

[Tagsley]

Came in this morning and found none of the workstations had access to the W2K Server. Checked the server and was able to log in as several users, but unable to connect to resources.

When logged in as the administrator, I was unable to access the Active Directory, nor was I able to change the share rights on shared directories.

I checked the Security Event log and it appears that someone wiped the Audit log on Friday 7:00pm using an account that had been previously disabled. That account had only basic user access when it was active.

Please help if you know a way for me to-
1. Restore access to the Active Directory so that I can restore user rights, et al. It seems that my Exchange Server and Veritas Backup are also offline due to logon failures.
2. If there is no way for me to gain access to the Active Directory to reset priviledges, do I have to do a full reinstall? I do not have a valid Rdisk /s. I am concerned about being able to bring my Exchange Server up if I have to do a reinstall.
3. Could this have been an external hack job, or is it more likely that someone did it from the server terminal? The server terminal is usually left open.

Thanks in advance for your help. I will check this thread frequently if you have any questions for me.

Mark

 

[Tagsley]

Doomhammur! Wish I could buy you a beer. That is great info, and should help us immensely!

Thanks again to all how have shared their knowledge. All of your input is greatly valued and appreciated.

Mark