James,

Here is a description of the damage it causes: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_NIMDA.A

Also look for Admin.dll, root.exe and lots of files in the %systemdrive%\Inetpub\Scripts directory that begin with TFTP. This is by no means all the things necessary to look for but should point you in the right direction.

Chris Bodnar
The Lehigh Group
610-966-9702 X:134

-----Original Message-----

Hi everyone,

I am a newer member to this list and enjoy all the good information everyone shares. I got an e-mail from our admin at another location looking for advice. I believe he is running IIS 4 on an NT 4 box without the current security patches. If a NAV Corporate edition scan doesn't come up with anything, what files, entries, accounts etc. should I look for after patching the server to be sure it isn't compromised?

Thanks in advance for any help

James Corlew
