Make sure the computer is off line until you get the patches applied - learned this through hard experience! At 03:11 PM 11/1/2001 -0500, you wrote: >Very frustrating. bard.cal.msu.edu is my box. It was hit by nimda in september. >It was formatted and reloaded from a sept 8 backup, fully patched according to >microsoft downloads and yet it has been exploited again. I am obviously missing >something but I don't know what. I had noticed unusual activity and had the box >off the wire before Gene's email went out. I was probed by 210.178.12.111 and >35.8.195.55 but my log shows 404's so I don't know how the heck they got in. >Any help in buttoning this up would be much appreciated. > > >Michael Hoxsey >Network Admin >Arts and Letters > Cheryl Cheryl Akers, MS, CNA - [log in to unmask] Microcomputer Support - Microbiology and Molecular Genetics 153 Giltner Michigan State University East Lansing, MI 48824 517-355-8406