[thelist] failure notice (& CF TIP)
Steve Cook
steve.cook at evitbe.com
Wed Sep 19 09:41:35 CDT 2001
Hi Dan!
If one has that file, does it mean that the server *has* been infected by a
worm, or is it that the file is a security loophole?
I ask because root.exe is on our Win 2000 server, but as that is sitting
behind what I consider to be a *very* secure firewall I find it hard to
believe that anyone has compromised our box.
Having found the file, is there anything else in particular I should be
looking for?
.steve
----------------------------------
WapWarp - http://wapwarp.com
Wap-Dev - http://www.wap-dev.net
Cookstour - http://cookstour.org
----------------------------------
> -----Original Message-----
> From: Daniel J. Cody [mailto:djc at starkmedia.com]
> Sent: den 19 september 2001 16:06
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] failure notice (& CF TIP)
>
>
> One more tip while people are tossing them about about virii
> and windows..
>
> Search your IIS server for a file called root.exe and delete
> it - if you
> have it you've been compromised. *NO* patches from MS delete
> this file.
>
More information about the thelist
mailing list