I'm sure you have already checked this, but just in case. Look at all your
other servers and make sure they are not running IIS. If they are patch
them to...they can continually infect each other.
Nancy
-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 20, 2001 1:08 PM
To: Exchange Discussions
Subject: RE: Code red
You may also want to install the "roll up" IIS hotfix now out.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS01-044.asp
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Bill Kuhn -
MCSE
Sent: Monday, August 20, 2001 10:02 AM
To: Exchange Discussions
Subject: RE: Code red
Get rid of the Symantec scanner. My dead grandma has a better chance of
telling you accurately whether you have Code Red.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chris Haaker
Sent: Monday, August 20, 2001 11:56 AM
To: ExchangeList@swynk
Subject: OT: Code red
anyone have an idea that has been working with code red?
I have a win2k server that was infected. I re-formatted all hard drives,
re-installed OS w/SP2 built-in and patched for CR. Within about 10
minutes I was infected again according to the w3svc log and the symantec
scanner for code red.
disconnected from network and did same as above. Ran the patch from a
floppy. re-connected to the network, ran the new MS Security scanner at:
www.microsoft.com/technet/mpsa/start.asp and applied all hotfixes there
as well. Note: I ran the CR hotfix and rebooted before I ever attached
to the network. 1 hour later CR shows up in the w3svc log again and
symantec scanner says I am infected again.
Ideas?
---------------------------------------------------------
I was thinking about how people seem to read the Bible a whole lot more
as they get older, then it dawned on me...they were cramming for their
finals...
---------------------------------------------------------
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
