Have You Been Here?
I'm certain that some of you have had similar attacks. When I searched the web for "FTP and COM1," there are a handful of messages out there about similar incidents. Most of them direct folks to the RMDIR and RM.EXE tools, whereas others said to just format the drive. Formatting the drive was not an option in this case, and I bet it wouldn't be in yours, either. Thanks to the resource kit for takeown.exe, you won't have to.
I encourage you to go have a look at your FTP security. Confirm that anonymous access is turned off. Then, take a look at the amount of free space on your drives. If it looks suspicious, do a search for "Tagged" or drill down through your directory structure. If you find a COM1 folder, you know what to do: Review your security, use the takeown.exe, blow away the directories, and run CHKDSK.
After you're satisfied that your servers are secure, rent yourself a movie starring Julia Roberts. I'm partial to "Pretty Woman," but in remembrance of Deeter and his deleted movies, I rented "Flatliners." Who's got the M&Ms for my popcorn?