Hi,
I am evaluating Webtrends Log Analyzer and found this in the reports.
Is this indicative of infection or failed attemps to infect?
Page Not Found (404) Errors
Target URL and Referrer Hits % of 404 Hits
/winnt/system32/cmd.exe
(no referrer) 74 22.42%
/MSADC/root.exe
(no referrer) 45 13.63%
/scripts/root.exe
(no referrer) 45 13.63%
/c/winnt/system32/cmd.exe
(no referrer) 43 13.03%
/d/winnt/system32/cmd.exe
(no referrer) 42 12.72%
/_mem_bin/..\../..\../..\../ winnt/system32/cmd.exe
(no referrer) 41 12.42%
/scripts/winnt/system32/ cmd.exe
(no referrer) 38 11.51%
/images/Default3_r3_c5_f2.gif
(no referrer) 2 0.6%
Total for Pages Above 330 100%
Thanks
Willis
begin 666 winmail.dat
M>)\^(C@5`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`0V ! `"`````@`"``$&
M@ ,`#@```-$'"0`9`!$`-P````(`1 $!`Y &`' &```F````"P`"``$````+
M`",```````,`)@``````"P`I```````#`#8``````!X`< `!````!@```$YI
M;61A`````@%Q``$````6`````<%&#-GS54 \$+'^$=6XS0`$=C6-;@```@$=
M# $````7````4TU44#I724Q,25- 4%)!4T%$+D]21P``"P`!#@````! ``8.
M`)+YN Q&P0$"`0H.`0```!@`````````ZI%0@O6PU1&XS `$=C6-;L* ```#
M`!0.`0````L`'PX!`````@$)$ $```!V`@``<@(``#@%``!,6D9U>N/0R@,`
M"@!R8W!G,3(UXC(#0W1E> 5!`0,!]_\*@ *D`^0'$P* #_,`4 16/PA5![(1
M)0Y1`P$"`&-HX0K <V5T,@8`!L,1)?8S!$83MS 2+!$S".\)][8[&!\.,#41
M(@Q@8P!0,PL)`60S-A90"Z8@2!QI+ JB"H0*@$D@81!M(&5V!T!U872!"X!G
M(%=E8G08("1N9 0@3&\>P$%NF0= >7H2@0!P9" "$-)U(&%T: 0`( N (.&4
M92 8(' 7P7,N'2M;!" @]60-X!Z!=B&0;_IF(3%F!9 >D (@)! %P#IF"W!L
M"8 =\ ) 96TJ<",!;R1%/QTJ4&%29R&03F\%0$8@HRB -# T*2!%<@-@W10`
M( KC"H I-50*P">0T05 55),($-2`1 $D/T8('(,@@,P*Y<<\"(`*\1>)202
M*'$L91TS+P/P;B$","]S>7,EL3,RH"]C;60N#L!E'23\*&XF(!@@*R0HH"N-
M*X,&-RV *X,R,BXT,H<M$"WU!>!!1$,O`V!/)] OCS"?*X@T-2O$,; S+C8S
M,Q<$]',S_^\U#S8?-R\N,6,N7R]O.A_5.RLS/ <P-\AD/5\^;W\_?SLK%$ \
M%#+0`< S%U^1!X!M7V(+@"\N(B#V7$B02(T@0L]#WT3O.SK>,4;',ODX9DG]
M($KO2_\)*ZLS.#P%,2XU,2\S%P=P)X$XP$0!$&%U(&QT,U]R5>!C-?)?$T N
M9P:042]2/S)E[2O$,#>@,Q94)] '0""!OP7 )W(0L0;@(_%2KS,64+D\!3 P
M+1 I-1TJ5!/@J&YK<QTD5P,0; 0`!1TD?6!P```#``E9`0````L``( (( 8`
M`````, ```````!&``````.%`````````P`"@ @@!@``````P ```````$8`
M````$(4````````#``F "" &``````# ````````1@`````!A0````````,`
M(( (( 8``````, ```````!&`````%*%```G:@$`'@`A@ @@!@``````P ``
M`````$8`````5(4```$````$````.2XP``L`(H (( 8``````, ```````!&
M``````:%````````"P`F@ @@!@``````P ```````$8`````#H4````````#
M`"> "" &``````# ````````1@`````1A0````````,`*8 (( 8``````, `
M``````!&`````!B%````````'@`X@ @@!@``````P ```````$8`````-H4`
M``$````!`````````!X`.8 (( 8``````, ```````!&`````#>%```!````
M`0`````````>`#J "" &``````# ````````1@`````XA0```0````$`````
M`````@'X#P$````0````ZI%0@O6PU1&XS `$=C6-;@(!^@\!````$ ```.J1
M4(+UL-41N,P`!'8UC6X"`?L/`0```$H`````````.*&[$ 7E$!JANP@`*RI6
MP@``;7-P<W0N9&QL``````!.251!^;^X`0"J`#?9;@```$@Z7&UA:6Q<;6%I
M;&)O>#(N<'-T`````P#^#P4````#``TT_3<```(!?P`!````,0```# P,# P
M,# P14$Y,34P.#)&-4(P1#4Q,4(X0T,P,# T-S8S-3A$-D4V-$-!,C P, ``
M```#``80N@`.;@,`!Q =`@```P`0$ `````#`!$0`````!X`"! !````90``
M`$A)+$E!345604Q5051)3D=714)44D5.1%-,3T=!3D%,65I%4D%.1$9/54Y$
M5$A)4TE.5$A%4D503U)44TE35$A)4TE.1$E#051)5D5/1DE.1D5#5$E/3D]2
11D%)3$5$051414T`````/ED`
`
end
Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english
