Probably just a hacker using one of the many known IIS holes to hack your system. It's been thoroughly violated. The cmd.exe exploit (i'd bet ftp1.exe is cmd renamed) and use of nc.exe are kind of outlined in this short article http://www.eeye.com/html/Research/Papers/DS19981129.html.
Good luck. -----Original Message----- From: Bravo, Liliana [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 14, 2002 12:35 PM To: Exchange Discussions Subject: MSX5.5 hacked Importance: High HI all MSX5.5/SP4 We have found ftp1.exe, nc.exe and cmd1.exe in c:\inetpub also nc.exe and ftp1.exe are running in memory. After reading our logfiles those files are there since Feb 24. Does anybody know what kind of hack is that and how to get red of those whitout causing any post-hack attack. Tia -er _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]