RE: Code red

Mon, 20 Aug 2001 09:54:04 -0700 

You may also want to install the "roll up" IIS hotfix now out.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS01-044.asp

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Bill Kuhn -
MCSE
Sent: Monday, August 20, 2001 10:02 AM
To: Exchange Discussions
Subject: RE: Code red


Get rid of the Symantec scanner. My dead grandma has a better chance of
telling you accurately whether you have Code Red.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chris Haaker
Sent: Monday, August 20, 2001 11:56 AM
To: ExchangeList@swynk
Subject: OT: Code red


anyone have an idea that has been working with code red?

I have a win2k server that was infected. I re-formatted all hard drives,
re-installed OS w/SP2 built-in and patched for CR. Within about 10
minutes I was infected again according to the w3svc log and the symantec
scanner for code red.

disconnected from network and did same as above. Ran the patch from a
floppy. re-connected to the network, ran the new MS Security scanner at:
www.microsoft.com/technet/mpsa/start.asp and applied all hotfixes there
as well. Note: I ran the CR hotfix and rebooted before I ever attached
to the network. 1 hour later CR shows up in the w3svc log again and
symantec scanner says I am infected again.

Ideas?

---------------------------------------------------------
I was thinking about how people seem to read the Bible a whole lot more
as they get older, then it dawned on me...they were cramming for their
finals...
---------------------------------------------------------


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

Reply via email to