[thelist] failure notice (& CF TIP)

Steve Cook steve.cook at evitbe.com
Wed Sep 19 09:41:35 CDT 2001

Hi Dan!

If one has that file, does it mean that the server *has* been infected by a
worm, or is it that the file is a security loophole?

I ask because root.exe is on our Win 2000 server, but as that is sitting
behind what I consider to be a *very* secure firewall I find it hard to
believe that anyone has compromised our box.

Having found the file, is there anything else in particular I should be
looking for?


   WapWarp - http://wapwarp.com
 Wap-Dev - http://www.wap-dev.net
 Cookstour - http://cookstour.org

> -----Original Message-----
> From: Daniel J. Cody [mailto:djc at starkmedia.com]
> Sent: den 19 september 2001 16:06
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] failure notice (& CF TIP)
> One more tip while people are tossing them about about virii 
> and windows..
> Search your IIS server for a file called root.exe and delete 
> it - if you 
> have it you've been compromised. *NO* patches from MS delete 
> this file.

More information about the thelist mailing list