Hello,
The file should be 'notworm' not 'noworm'...
As you can see here:
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/itsolutions/security/news/w2ksp2.asp
the MS01-033 patch is not included in SP2.
--
Regards,
Terrence Koeman
Technical Director/Administrator
MediaMonks B.V. (www.mediamonks.nl)
Please quote all replies in correspondence.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of ChrisWeeks
> Sent: Saturday, July 21, 2001 00:43
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] IIS 5 - Chinese Worm
>
>
> Thank you for the truth.
> Any one, this is what is going on .
> I did the same thing to be sure. (created a file called noworm
> just to be safe.)
> You seem to know what is up, so a question. Does 2000 SP2
> contiain the ms01-033 patch?
> I was one of the lammers that missed the patch, due to politics I
> could not install SP2 and missed the advert. (I troll microsoft
> and various hacker news groups but missed it) but thanks to the
> other guy (rick) I have subscribed to Microsofts auto alerts.
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Terrence Koeman
> Sent: Friday, July 20, 2001 3:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] IIS 5 - Chinese Worm
>
>
> 1) The www.worms.com website is not down.
> 2) The www.worms.com website has absolutely nothing to do with
> the "Code Red" worm.
> 3) The "Code Red" worm does not connect to or redirect to the
> www.worms.com website.
>
> Patch your server:
>
> 1) If you are not using the .idq extention, you should have
> removed the mapping directly after the installation of IIS.
> 2) If for some reason you were too lame to do so or you are using
> the .idq extention, you should have installed the patch over a month ago.
> 3) If for some reason you were too lame to do so, install the
> patch from Microsoft and reboot your server. Rebooting will
> effectively kill the worm, as it's only stored in memory. The
> patch will prevent your system from being infected again.
> 4) For extra security, create a file "c:\notworm" (no extention).
> The worm checks for this file, and if present ceases to function.
> (Does not infect other machines and does not deface the sites on
> the server).
>
> --
> Regards,
>
> Terrence Koeman
>
> Technical Director/Administrator
> MediaMonks B.V. (www.mediamonks.nl)
>
> Please quote all replies in correspondence.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of NetQuick Mail
> > Administrator
> > Sent: Friday, July 20, 2001 21:57
> > To: [EMAIL PROTECTED]
> > Subject: Re: [IMail Forum] IIS 5 - Chinese Worm
> >
> >
> > That website has been taken down by the service provider.
> >
> > Kevin Childers
> >
> > It's like I've always said, "You can get
> > more with a kind word and a two by four,
> > than you can get with just a kind word."
> >
> >
> > ----- Original Message -----
> > From: "T. Bradley Dean" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, July 19, 2001 9:15 PM
> > Subject: RE: [IMail Forum] IIS 5 - Chinese Worm
> >
> >
> > >My question is, the patch updates idq.dll. How did this get rid of the
> > redirection to the www.worms.com page?
> >
> > It didn't. Rebooting gets rid of the worm, it's only stored in
> memory. But
> > the patch is needed so you don't get the worm back in a few hours.
> >
> >
> > ~Brad
> > -----Original Message-----
> > From: Adrian Henderson
> > [mailto:[EMAIL PROTECTED]]On Behalf
> > Of Adrian Henderson
> > Sent: Thursday, July 19, 2001 4:39 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [IMail Forum] IIS 5 - Chinese Worm
> >
> >
> > I was hit too, but I have many questions as to how it started and works?
> >
> > I applied the patch and I can now get into my exchange server OWA.
> >
> > The thing is, we have 7 web services running on iis5, the
> default doesn't
> > have a web page in it, but exchange 2000 runs off of it in a
> subdir, thats
> > how we found out we got hit. The thing is, that it doesn't
> > affect other web
> > sites running on that server, except for the default so it
> would appear in
> > our case anyways.
> >
> > My question is, the patch updates idq.dll. How did this get rid of the
> > redirection to the www.worms.com page? I have scanned the system
> > for virii,
> > and its clean. Are we to assume that it is no longer sending
> out requests
> > too? All the web pages are quite vague on this, other than how
> it works.
> > It just seems very weird. Most worms/virii start witha file
> that infects,
> > but I guess this is one that is exploited from another server?
> > ANy insight
> > would be much appreciated.
> >
> > FWIW, MS should reissue the bulletin regarding this new worm, and
> > how their
> > previous fix which only tlaks about Index server, can avoid thi
> > these worms.
> >
> >
> > -----Original Message-----
> > From: Jeff Kratka
> > Sent: Thu 7/19/2001 6:48 PM
> > To: [EMAIL PROTECTED]
> > Cc:
> > Subject: Re: [IMail Forum] IIS 5 - Chinese Worm
> >
> >
> > The patch does work, it hit my server this AM also. I'm running
> > IIS5. Works
> > fine now.
> >
> > Jeff
> > ******************************************************************
> > TymeWyse Internet
> > P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417
> > tel/fax: (541) 839-6027 - [EMAIL PROTECTED]
> > ******************************************************************
> >
> >
> >
> > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > to be removed from this list.
> >
> > An Archive of this list is available at:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >
> >
> >
> > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > to be removed from this list.
> >
> > An Archive of this list is available at:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
smime.p7s
