The UK Home Automation Archive

Archive Home
Group Home
Search Archive


Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Re: IIS Worm


  • To: <ukha_d@xxxxxxx>
  • Subject: RE: Re: IIS Worm
  • From: "Graham Howe" <graham@xxxxxxx>
  • Date: Wed, 19 Sep 2001 14:18:02 +0100
  • Delivered-to: mailing list ukha_d@xxxxxxx
  • Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
  • Reply-to: ukha_d@xxxxxxx

OK guys, thanks for all the assistance, it looks like I have made some
progress now.

All patches are applied to the server, the MS Code Red tool has removed any
suspicious programs (as have I). All files have been cleaned (a FIND across
all drives reports no instance of readme.eml inside any file). I have
upgraded to IE6.

However there are two problems:
1. When I reboot the server it still shares all my drives yet a search of
system.ini shows no mention of the -dontrunold bit. So I assume that the
worm is gone from the system but it has done something in the registry that
keeps being applied at start up. Does anyone know what this might be?

2. For some reason I can not browse from my server to the internet (yet I
could last night as I was downloading IE6). I can connect to my server
using
pcAnywhere and it seems to have IP running correctly, but I can not ping
from my server to any internet site. I'm not sure that this is anything to
do with the worm, but it seems like there might be some problem with the
network settings on the server. The server is physically located in
Manchester at my ISP so I am a little concerned about mucking about with
network settings that could end up preventing me from remotely accessing
the
box. Again does anyone have any ideas?

Regards

Graham



Home | Main Index | Thread Index

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.