Try applying the rollup hotfix that was released in August which had almost
all of the previous hotfixes included in it. If you don't apply the relevant
patches your server will be infected again.
Further, once your server has been compromised you really do need to
reinstall it. You will never know whatelse the worm, or someone else using
that hole have done to your server beyond the obvious. The only way to be
sure it is clean is to re-install and ensure that when you do your service
packs and hotfixes are completely up to date.
Phil
> -----Original Message-----
> From: John Bricher [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 1:33 PM
> To: Exchange Discussions
> Subject: RE: New Virus / Worm ??
>
>
> On the servers that were infected at our company, we found a
> mmc.exe that
> was running in c:\winnt. This appeared to be regenerating
> the readme.eml
> files. We killed the process, deleted the file, and deleted
> the .eml files.
> This appears to have worked for now.
>
> Not sure how to stop it from happening again.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
