As others have pointed out your IIS server got hacked; Exchange itself is probably fine but I would bet your passwords have been compromised.
Back up Exchange and any data you want to keep. Flatten this box, reinstall and put the ding-dang security hotfixes on it before putting it back on the network. Then restore Exchange (the disaster recovery whitepaper will come in handy here). Change ALL your passwords. All of them. I'm not kidding at all: you don't know to what extent your enterprise has been compromised. ----- Original Message ----- From: "Bravo, Liliana" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, March 14, 2002 11:34 AM Subject: MSX5.5 hacked > HI all > MSX5.5/SP4 > > We have found ftp1.exe, nc.exe and cmd1.exe in c:\inetpub also nc.exe and > ftp1.exe are running in memory. After reading our logfiles those files are > there since Feb 24. Does anybody know what kind of hack is that and how to > get red of those whitout causing any post-hack attack. > > Tia > -er > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
