RE: Code Red Got me

Sat, 18 Aug 2001 13:20:59 -0700

Title: RE: Code Red Got me

Actually yes - that is what is giving me the positives. 

But the server is kinda funky anyway so a reinstall does not worry me too much.  I have been working with PSS for a couple of weeks on a security problem with it as it is - I can't assign permissions graphically - only by using calcs. 

Is there any other tool that I can test - any way to know for sure?

An in place upgrade will most likely fix my PSS/Security problem but if I am infected it would not help that.

I just want to be sure!!!

Jim Zangara, MCSE+I
Special Projects Engineer
Premiere Radio Networks
A Division of Clear Channel Communications
15260 Ventura Blvd Suite 500
Sherman Oaks, CA 91403
Direct: (818) 461-8620
mailto:[EMAIL PROTECTED]




-----Original Message-----
From: Seth M. Kusiak [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 18, 2001 1:39 PM
To: NT System Admin Issues
Subject: Re: Code Red Got me


Your not using the Norton's FixCRed.exe are you? because if you are, the
tool DOES NOT give accurate results.

It told me that a server with IIS NOT EVEN INSTALLED was infected (in
memory). What a crappy tool.

~Seth


Zangara, Jim writes:

> I know I patched this server but I am not taking any more chances.
>
> Hello Folks -
>
> It appears one of my servers got the backdoor worm - I can scan it
> sometimes and it shows clean and other times a memory scan shows an
> infection.  There is no root.exe file anywhere on the server so I am
> not totally convinced but I prefer not to take chances.
>
> I have disabled the www service for now and am backing up my data.  I
> am wondering if there is a way to recover my SAM database without
> running a risk of re-infection?  I can recreate it but it would add
> hours to this and I would prefer not to.  Since I do not know when the
> infection took place I am not sure of a reliable pre-infection backup so I am not even going to
> attempt that route.  
>
> Would an ERD made today have the SAM?  Should I trust it if it does?
>
> The server is a P111 with 2 gigs of ram Win2k SP2 Sql 7 IIS 5 - web
> server - no standalone - no domain.
>
>
> TIA
>
> Jim
>
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Reply via email to