|
| |
|
|
d00nson
Posts: 142
From: Australia
Status: offline
 |
Backdoor.Sadmind.Dr worm - 7/24/2001 20:17:00
Hi all, to cut a long story short... I recently discovered my Win2K server was recently compromised by this trojan/zombie call it what you will. I started to suspect something when the performance of a database driven web hosted on my server started to degrade severly. It was very slow in responding to requests. Details of the virus are in http://sarc.com/avcenter/venc/data/backdoor.sadmind.dr.htmlAnyway, I have since patched my server with SP-2 and the Microsoft hotfix for the "CodeRed" IIS worm as well. I have repeated the process of uninstalling IIS, deleted my Inetpub (which includes wwwroot) folders and reinstalling IIS and reapplying the patch files but I still cannot restore my web files. In fact, anything with an ASP extension simply refuses to display locally or on a client machine. I suspect that te ASP engine/drivers were broken somewhere along the way. I do not want to do a full reinstall of Win2K. Can anyone offer any advice?
|
|
|
|
d00nson
Posts: 142
From: Australia
Status: offline
|
RE: Backdoor.Sadmind.Dr worm - 7/25/2001 20:25:00
Hasn't anyone seen this problem before?
| |
|
|
|
storm
Posts: 421
Status: offline
|
RE: Backdoor.Sadmind.Dr worm - 7/25/2001 20:05:00
recheck all your permissions in ntfs and iis. one of my web servers after installing the hot fix had a similiar problem and permissions got jacked around. another one for the strange but true worl of MS and IIS------------------
storm...
"Someone put forth the proposition that you can patition the lord with prayer, patition the lord with prayer...YOU CANNOT PATITION THE LORD WITH PRAYER"
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
