Backdoor.Sadmind.Dr worm

Backdoor.Sadmind.Dr worm (Full Version)

All Forums >> [Web Development] >> Server Issues

Message

d00nson -> Backdoor.Sadmind.Dr worm (7/24/2001 20:17:00)
Hi all, to cut a long story short... I recently discovered my Win2K server was recently compromised by this trojan/zombie call it what you will. I started to suspect something when the performance of a database driven web hosted on my server started to degrade severly. It was very slow in responding to requests. Details of the virus are in http://sarc.com/avcenter/venc/data/backdoor.sadmind.dr.html Anyway, I have since patched my server with SP-2 and the Microsoft hotfix for the "CodeRed" IIS worm as well. I have repeated the process of uninstalling IIS, deleted my Inetpub (which includes wwwroot) folders and reinstalling IIS and reapplying the patch files but I still cannot restore my web files. In fact, anything with an ASP extension simply refuses to display locally or on a client machine. I suspect that te ASP engine/drivers were broken somewhere along the way. I do not want to do a full reinstall of Win2K. Can anyone offer any advice?

d00nson -> RE: Backdoor.Sadmind.Dr worm (7/25/2001 20:25:00)
Hasn't anyone seen this problem before?

storm -> RE: Backdoor.Sadmind.Dr worm (7/25/2001 20:05:00)
recheck all your permissions in ntfs and iis. one of my web servers after installing the hot fix had a similiar problem and permissions got jacked around. another one for the strange but true worl of MS and IIS ------------------ storm... "Someone put forth the proposition that you can patition the lord with prayer, patition the lord with prayer...YOU CANNOT PATITION THE LORD WITH PRAYER"

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

4.711914E-02