Server Compromised??? Missing 100Gb!!!

[daveah]

Dell Server
Xeon 3.06GHz 1Gb Ram
2x PERC LD PERCRAID SCSI Drives

Disk 0 Basic NTFS 33.86 Gb
3x Partitions
31Mb (EISA Configuration)
15.01Gb C:
18.82Gb D:

Disk 1 Basic NTFS 169.33 Gb
169.33Gb E:

The problem is the E: drive, it has 2 visible and 2 hidden directories:-
E:\Microsoft SQL Server\ (Size On Disk 328,167,424 bytes)

E:\RECYCLER\ (Size On Disk 8,192 bytes)
E:\System Volume Information (Size On Disk 0 bytes)
E:\WUTemp (Size On Disk 0 bytes)

All of which add up to 328,175,616 bytes.

However when I look at the properties for the drive I get this:

Used space : 108,066,578,432 bytes 100Gb
Free space : 73,753,202,688 bytes 68.6Gb
Capacity : 181,819,781,120 bytes 169Gb

WHEREs THAT 100Gb GONE TO!!!!??????

I believe it may have been compromised as it was accidently left outside the firewall for a time and I understand the network logs showing it having some 10Mb/sec traffic with protocols indicating it may have been streaming video/music/etc... (I don't personnally have access to these logs btw).

However, the fact remains theres 100Gb disapeared and I cant see it. Is there someway for me to see this data and verifywhat it is AND where it is and possibly if theres anymore hidden on the other partitions and, god forbid, any other server.

So, pleasepleasepleasepleasepleasepleaseplease heeeelllllllpp Thanking you in advance

Dave

[3fingersalute]

Who has access to the logs? Are you the administrator of the server?

Are you 100% certain that there are no other directories on the root of the E: drive? What about any files on the root of E:? Is view hidden files and folders turned on under the view menu? Also, try unchecking "Hide protected operating system files" from the view menu as well, then open E:, select all, right-click and then properties, what does it show for total size used??

[gazzak]

Have you looked into disk management and see what information that gives you about the drive? Does the system recognise the actual disk size? Is some of it not partitioned?

[daveah]

Who has access to the logs? Are you the administrator of the server?

Are you 100% certain that there are no other directories on the root of the E: drive? What about any files on the root of E:? Is view hidden files and folders turned on under the view menu? Also, try unchecking "Hide protected operating system files" from the view menu as well, then open E:, select all, right-click and then properties, what does it show for total size used??

Yep, I'm the admin.

I've set the Folder Options to show system and hidden files/folders, and no, theres no more files/folders.

As mentioned previously, the drive properties are:-
Used space : 108,066,578,432 bytes 100Gb
Free space : 73,753,202,688 bytes 68.6Gb
Capacity : 181,819,781,120 bytes 169Gb

[daveah]

Have you looked into disk management and see what information that gives you about the drive? Does the system recognise the actual disk size? Is some of it not partitioned?

Yep, the system does see the full, correct size of the disk in Disk Management
Capacity: 169.33
Free space: 68.69Gb

[GreenGrime]

Use a boot CD if you can to take a complete look at that disk outside of Windows.

Ultimate Boot CD has some tools to help you do that.

[gizmo1_1]

The problem is the E: drive, it has 2 visible and 2 hidden directories:-
E:\Microsoft SQL Server\MSSQL\Data (Size On Disk 328,167,424 bytes)

You are indicating the size of the Subdirectory data in this statement. Have you checked the size of E:\Microsoft SQL Server itself

[daveah]

You are indicating the size of the Subdirectory data in this statement. Have you checked the size of E:\Microsoft SQL Server itself

Sorry, my mistake, was intending to show the tree but thought better of it mid-type.

That figure is for the top level directory.
E:\Microsoft SQL Server\ (Size On Disk 328,167,424 bytes)

Now amended

[Garak]

lost and trunacted files would be a cause. how about a chkdsk?