You have but one Choice, Reformat the server. There is no way to be 100% sure that you have cleaned this. I am not joking.
Be sure to search for any good Warez before you reformat. Milton R Dogg Of The Dogg Foundation.. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bravo, Liliana Sent: Thursday, March 14, 2002 9:35 AM To: Exchange Discussions Subject: MSX5.5 hacked Importance: High HI all MSX5.5/SP4 We have found ftp1.exe, nc.exe and cmd1.exe in c:\inetpub also nc.exe and ftp1.exe are running in memory. After reading our logfiles those files are there since Feb 24. Does anybody know what kind of hack is that and how to get red of those whitout causing any post-hack attack. Tia -er _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]