>"Possible Backdoors: >FireDaemon.exe" Port 2301. The entire box was >searched, and the file was absent.
I also experienced this false positive on port 2301 recently, likewise we searched the whole box inside an out and found nothing. We had the added pleasure of searching through the backup logs as well, looking for diffs. In addition to crypto's troubles, one of the plugins running at the time "knocked" over our Compaq Insight Manager website on Port 2301. So that when I connected to port 2301 with a web browser, I didn't see the familar page, but a page listing all kinds of nasty toys like iiscrack, pwdump, etc. It appears as though one of the plugins running produced a buffer overflow in McAffee, while another (or the same one) some how over wrote the contents of the compaq webpage. After carefully examining the "directory" listing on the web page, and verifying that none of the files were physically located on the server, I began inspecting the pluggins that ran. The content of one in particular matched up with the new content on our Insight Manager web page: DDI_IIS_Compromised.nasl. IMPORTANT NOTICE: This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this message in error, you are hereby notified that we do not consent to any reading, dissemination, distribution or copying of this message. If you have received this communication in error, please notify the sender immediately and destroy the transmitted information.
