> I wouldn't go by such anecdotal evidence as shutdown/reboot > times. Check > your event viewer logs for RPC/DCOM errors, monitor your > network traffic, > check for the suspicious files on the systems, scan for the > ports opened by > the worm, etc....
I would. Unfortunately, these are customer systems. We're an ISP. So whatever survives the filter (Machine)->(customer-brain)->(hotline)->(me) is what I have. Tom Vogt _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
