RE: Re: IIS Worm
- To: <ukha_d@xxxxxxx>
- Subject: RE: Re: IIS Worm
- From: "Graham Howe" <graham@xxxxxxx>
- Date: Wed, 19 Sep 2001 14:18:02 +0100
- Delivered-to: mailing list ukha_d@xxxxxxx
- Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
- Reply-to: ukha_d@xxxxxxx

OK guys, thanks for all the assistance, it looks like I have made some
progress now.

All patches are applied to the server, the MS Code Red tool has removed any
suspicious programs (as have I). All files have been cleaned (a FIND across
all drives reports no instance of readme.eml inside any file). I have
upgraded to IE6.

However, there are two problems:

1. When I reboot the server it still shares all my drives, yet a search of
system.ini shows no mention of the -dontrunold bit. So I assume that the
worm is gone from the system but it has done something in the registry that
keeps being applied at start up. Does anyone know what this might be?

2. For some reason I cannot browse from my server to the internet (yet I
could last night as I was downloading IE6). I can connect to my server
using pcAnywhere and it seems to have IP running correctly, but I cannot
ping from my server to any internet site. I'm not sure that this is anything
to do with the worm, but it seems like there might be some problem with the
network settings on the server. The server is physically located in
Manchester at my ISP so I am a little concerned about mucking about with
network settings that could end up preventing me from remotely accessing
the box. Again, does anyone have any ideas?

Regards

Graham