MSUNAG Archives


Subject: Re: nimda-e worm
From: David Vietti <[log in to unmask]>
Reply-To: MSU Network Administrators Group <[log in to unmask]>
Date: Thu, 1 Nov 2001 16:11:22 -0500
Content-Type: text/plain

If this is an IIS server and was previously infected with CodeRed, it can still be hacked into even if the patches are current.  Look for root.exe in the inetpub\scripts directory.

Symantec's site has removal instructions if that's your problem.



>>> [log in to unmask] 11/01/01 03:11PM >>>
Very frustrating. bard.cal.msu.edu is my box. It was hit by nimda in September.
It was formatted and reloaded from a Sept 8 backup, fully patched according to
Microsoft downloads and yet it has been exploited again. I am obviously missing
something but I don't know what. I had noticed unusual activity and had the box
off the wire before Gene's email went out. I was probed by 210.178.12.111 and
35.8.195.55 but my log shows 404s so I don't know how the heck they got in.
Any help in buttoning this up would be much appreciated.


Michael Hoxsey
Network Admin
Arts and Letters
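
The thread raises two checks: whether root.exe is present under inetpub\scripts, and whether the web log shows only 404s. The following is an added example, not part of either message, that triages an IIS log for requests naming root.exe and separates 404 probes from any other response. It assumes W3C extended logging with a `#Fields:` header; the log lines, addresses and the `triage` function name are constructed for illustration.

```python
# Added example: triage an IIS W3C extended log for requests that name root.exe.
# Assumption: the log carries a "#Fields:" directive listing its columns.
import re

# Constructed sample log (documentation-range addresses, not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-11-01 19:02:11 192.0.2.10 GET /scripts/root.exe - 404
2001-11-01 19:02:12 192.0.2.10 GET /Scripts/Root.exe - 404
2001-11-01 19:05:40 198.51.100.7 GET /scripts/root.exe - 200
2001-11-01 19:06:02 198.51.100.7 GET /default.htm - 200
this line is truncated
"""

# Match root.exe as the final path component, in any letter case.
ROOT_EXE = re.compile(r"(^|/)root\.exe$", re.IGNORECASE)


def triage(log_text):
    """Return root.exe requests split into 404 probes and everything else."""
    fields = []
    findings = {"probe_404": [], "needs_review": []}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column layout can change mid-file; always use the latest directive.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated record, skip rather than misparse
        rec = dict(zip(fields, parts))
        stem = rec.get("cs-uri-stem", "")
        if not ROOT_EXE.search(stem):
            continue
        status = rec.get("sc-status", "")
        bucket = "probe_404" if status == "404" else "needs_review"
        findings[bucket].append((rec.get("c-ip", "?"), stem, status))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("404 probes:", len(result["probe_404"]))
    for ip, stem, status in result["needs_review"]:
        # Any non-404 answer means the path resolved; check the directory on disk.
        print("review: %s requested %s -> %s" % (ip, stem, status))
```
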
