To be completely clear, you'll need to reinstall the OS, as the system I
had showed multiple files overwritten. You might check to see if IIS has
been reconfigured and attempt to make an FTP connection to your server
to see what kind of fun you get into. My bet would be that a rogue FTP
daemon is running and there are a couple of interesting files available
for download from it...
If you're going to continue running an Imail version below 8 (which I
believe fixed this IMAP vulnerability), then you'll need to either block
or disable IMAP traffic outside of the box itself.
Ryan
Richard Farris wrote:
Have you seen this before? And if so do you have any info on it?
Richard Farris
Ethixs Online
1.270.247.5555 Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"
----- Original Message -----
*From:* Tim Moore <mailto:[EMAIL PROTECTED]>
*To:* [email protected]
*Sent:* Friday, February 03, 2006 8:07 PM
*Subject:* RE: [Declude.JunkMail] Polish?
Yes, you have a virus that has replaced your cmd.exe file. You can
replace the cmd.exe with a clean copy (from same os). I would
reload the system to be sure that there were no hooks left in the
system if it was mine.
Tim
Tim Moore <mailto:[EMAIL PROTECTED]>
Technical Manager
Sisna of Spokane and Northern Idaho <http://www.asisna.com/>
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] *On Behalf Of* Richard Farris
*Sent:* Friday, February 03, 2006 5:03 PM
*To:* [email protected]
*Subject:* [Declude.JunkMail] Polish?
I have a Windows NT box running 7.11. When I go to the C> and try
to go to the IMAIL directory (or any other directory) I get
results below:
C:\>dir
Nazwa 'dir' nie jest rozpoznawana jako polecenie wewnetrzne lub
zewnetrzne,
program wykonywalny lub plik wsadowy.
Has anyone ever seen such a thing? It started a few days ago but I
have no idea what is going on...the box seems to be normal other
than this...
Richard Farris
Ethixs Online
1.270.247.5555 Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"