RE: What to check if my IIS server has been compromised.

2001-09-26 Thread Jim Holmgren
James, In addition to all the other checks people have posted, you may also want to head over to eEye http://www.eeye.com/html/ and grab their free Nimda scanner (thanks Mark, et al!) to run after you've done all your patching/repairing.  We have a fairly large development subnet here, I r

RE: What to check if my IIS server has been compromised.

2001-09-25 Thread Martin Blackstone
I would imagine that after the last couple of months, if he hasn't patched, he is compromised. You may want to do some research on Code Red and Nimda for starters. Each of those leaves behind telltale signs that they have been there. -Original Message-From: Ja

RE: What to check if my IIS server has been compromised.

2001-09-25 Thread Chris Bodnar
James,   Here is a description of the damage it causes:   http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_NIMDA.A   Also look for Admin.dll, root.exe and lots of files in the %systemdrive%\Inetpub\Scripts directory that begin with TFTP. This is by no means all the t

Re: What to check if my IIS server has been compromised.

2001-09-25 Thread Kelly Borndale
Check out the guest account. If it is in the admin group, then the server was compromised by Nimda. And patch it, in a hurry. K.Borndale   [EMAIL PROTECTED] -home email - Original Message - From: James Corlew To: