RE: Code red

Mon, 20 Aug 2001 09:45:43 -0700 

But he's apparently seeing it in the logs as well.
Chris, What do the w3svc logs say? Is the attack successful or not?
You can test your server here:
http://www.eeye.com/html/Research/Tools/codered.html




Andy David 
J Muller International




-----Original Message-----
From: Bill Kuhn - MCSE [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 20, 2001 1:02 PM
To: Exchange Discussions
Subject: RE: Code red


Get rid of the Symantec scanner. My dead grandma has a better chance of
telling you accurately whether you have Code Red.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chris Haaker
Sent: Monday, August 20, 2001 11:56 AM
To: ExchangeList@swynk
Subject: OT: Code red


anyone have an idea that has been working with code red?

I have a win2k server that was infected. I re-formatted all hard drives,
re-installed OS w/SP2 built-in and patched for CR. Within about 10
minutes I
was infected again according to the w3svc log and the symantec scanner
for
code red.

disconnected from network and did same as above. Ran the patch from a
floppy. re-connected to the network, ran the new MS Security scanner at:
www.microsoft.com/technet/mpsa/start.asp and applied all hotfixes there
as
well. Note: I ran the CR hotfix and rebooted before I ever attached to
the
network. 1 hour later CR shows up in the w3svc log again and symantec
scanner says I am infected again.

Ideas?

---------------------------------------------------------
I was thinking about how people seem to read the Bible a whole lot more
as
they get older, then it dawned on me...they were cramming for their
finals...
---------------------------------------------------------


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

Reply via email to