Re: [Declude.JunkMail] Polish?

[Ryan Hansen]

I saw it on a box running 7.15

It's a hack due to an IMAP vulnerability. You'll probably need to block
143 on your external interface unless you want to shutdown the IMAP
service all together. Blocking externally will allow webmail to function.

Richard Farris wrote:

Have you seen this before? And if so do you have any info on it?

Richard Farris
Ethixs Online
1.270.247.5555 Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"

    ----- Original Message -----
    *From:* Tim Moore <mailto:[EMAIL PROTECTED]>
    *To:* Declude.JunkMail@declude.com
    <mailto:Declude.JunkMail@declude.com>
    *Sent:* Friday, February 03, 2006 8:07 PM
    *Subject:* RE: [Declude.JunkMail] Polish?

    Yes you have a virus that has replaced your cmd.exe fille. You can
    replace the cmd.exe with a clean copy (from same os). I would
    reload the system to be sure that there were no hooks left in the
    system if it was mine.
    Tim

    _Tim Moore <blocked::mailto:[EMAIL PROTECTED]>
    _Technical Manager
    Sisna of Spokane and Northern Idaho <blocked::http://www.asisna.com/>

    .
    ------------------------------------------------------------------------
    *From:* [EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]>
    [mailto:[EMAIL PROTECTED] *On Behalf Of *Richard
    Farris
    *Sent:* Friday, February 03, 2006 5:03 PM
    *To:* Declude.JunkMail@declude.com
    *Subject:* [Declude.JunkMail] Polish?

    I have a Windows NT box  running 7.11. When I go to the C> and try
    to go to the IMAIL directory (or any other directory) I get
    results below:

C:\>dir

    Nazwa 'dir' nie jest rozpoznawana jako polecenie wewnetrzne lub
    zewnetrzne,
    program wykonywalny lub plik wsadowy.

Has anyone ever seen such a thing? It started a few days ago but I

    have no idea what is going on...the box seems to be normal other
    than this...

    Richard Farris
    Ethixs Online
    1.270.247.5555 Office
    1.800.548.3877 Tech Support
    "Crossroads to a Cleaner Internet"

    Richard Farris
    Ethixs Online
    1.270.247.5555 Office
    1.800.548.3877 Tech Support
    "Crossroads to a Cleaner Internet"

---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.