Paul,
> The filename of the software that is responsible we
> believe to be msudb32.exe
how did you come to this conclusion? Did you run
fport to determine that this is the file/process using
port 24?
What other services do you have running? HTTP? FTP?
How about your EventLogs? Do they sh
What I know about this, is that 'they' use a bug in IIS to get access on the
server. Most of the time they will install a serv-u ftp server. And make
hidden dirs that cannot be accessed directly by browsing through the
directories (dirs like "com1", "lpt1" a.o.)
The file msudb32.exe doesn't ring
--On Thursday, February 20, 2003 12:57 PM -0500 Paul Stewart
<[EMAIL PROTECTED]> wrote:
We have no idea how this person has managed to gain some form of
access to these servers and are obviously quite concerned.
What services are the servers running? Are the machines *fully*
patched?
We've had s