In that case, then it could be worse. Have you completed the security checklist that Microsoft gives out free from Microsoft
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Default.asp and are you up to date on the hotfixes?

I know it sounds like ancient history, but there are still servers infected with the Code-Red virus. As a matter of fact they say if you set up a server and have it hooked to the internet that you will be infected before you can download and install the patch.

Here is a simple but quick way to stop a lot of this. Locate the CMD.EXE file. Take that file and move it to a folder that is set up to only be accessed by the admin (i.e. remove the Everyone access from that folder).

Go to your IIS logs, usually under the c:\winnt\system32\logfiles folder, and look at the log files. Search for cmd.exe. It might surprise you what has been going on through port 80 thanks to M$.

Good Luck

Ben Johansen - http://www.pcforge.com
Authorized Witango Reseller
http://www.pcforge.com/WitangoGoodies.htm

Latest downloads & List Archives @ http://www.witango.ws

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:owner-witango-talk@;witango.com] On Behalf Of Brad Robertson
Sent: Friday, October 18, 2002 4:59 PM
To: Multiple recipients of list witango-talk
Subject: Re: Witango-Talk: virus?? (OT)

Ben,

Thanks for the quick reply. I will look into this. The main thing that baffles me is that this box isn't used for anything but web and tango app server - I thought the box was pretty secure so I don't know how this would have been installed.

Brad

----- Original Message -----
From: "Ben Johansen" <[EMAIL PROTECTED]>
To: "Multiple recipients of list witango-talk" <[EMAIL PROTECTED]>
Sent: Friday, October 18, 2002 4:15 PM
Subject: RE: Witango-Talk: virus?? (OT)

Hey,

I am not ruling out a virus, but you might want to look into spyware detectors. They usually exhibit the behavior you are seeing.

Try downloading Ad-Aware from http://www.lavasoft.de. When you download the free Ad-Aware make sure you download it from either Mirror#1 or Mirror#2 farther down the downloads list. The other sites like MajorGeeks.com install the spyware you are trying to get rid of by downloading Ad-Aware.

Another free program is Spybot (for Windows only)
http://download.com.com/3000-2144-10122138.html

Ben Johansen - http://www.pcforge.com
Authorized Witango Reseller
http://www.pcforge.com/WitangoGoodies.htm

Latest downloads & List Archives @ http://www.witango.ws

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:owner-witango-talk@;witango.com] On Behalf Of Brad Robertson
Sent: Friday, October 18, 2002 3:59 PM
To: Multiple recipients of list witango-talk
Subject: Witango-Talk: virus?? (OT)

Hello list,

I am not sure how to explain this, but on my Tango/IIS server (Win 2K, SP2), I keep getting system popup windows that have advertisements. I turned off the Alerter and Messenger service and still get them. Some appear in my event log as application popup with no clues as to the origin.

Anybody getting these? Any ideas?

Regards,
Brad

________________________________________________________________________
TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
with unsubscribe witango-talk in the message body
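
The log search described in the first message above (look through the IIS logs for cmd.exe), as an added Python example that is not part of the original emails. It assumes W3C extended format logs with a #Fields header; the sample log lines and the function names are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample in W3C extended log format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-10-18 20:01:11 192.0.2.10 GET /index.html - 200
2002-10-18 20:03:42 198.51.100.7 GET /scripts/cmd.exe /c+dir 404
2002-10-18 20:03:43 198.51.100.7 GET /scripts/CMD%2Eexe /c+dir 200
2002-10-18 20:05:00 192.0.2.10 GET /images/logo.gif - 200
"""

def normalize(value, rounds=3):
    """Percent-decode a bounded number of times, then lower-case for matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def find_cmd_requests(log_text, needle="cmd.exe"):
    """Return one dict per request whose URI stem or query mentions needle."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        target = row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", "")
        if needle in normalize(target):
            hits.append({"when": row.get("date", "") + " " + row.get("time", ""),
                         "client": row.get("c-ip", "?"),
                         "uri": target,
                         "status": row.get("sc-status", "?")})
    return hits

def served(hits):
    """Hits answered with a 2xx status: the server did not reject these, review first."""
    return [h for h in hits if h["status"].startswith("2")]

if __name__ == "__main__":
    for h in find_cmd_requests(SAMPLE_LOG):
        print(h["when"], h["client"], h["status"], h["uri"])
```

A plain text search for cmd.exe would miss the percent-encoded, mixed-case request in the sample; decoding and lower-casing before matching catches it, and the status column separates rejected probes from requests the server answered.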
