Re: win2k server issue

From: H C (keydet89at_private)
Date: Thu Jun 27 2002 - 19:07:21 PDT

Next message: Barry Irwin: "Re: spoofed packets to RFC 1918 addresses"

Previous message: Mike Denka: "33 character encrypted passwords in /etc/shadow"
In reply to: RUSSELL T. LEWIS: "win2k server issue"
Next in thread: McCammon, Keith: "RE: win2k server issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Russell,

> There is a suspicious exe on the server in the c:
> drive, mipckov.exe, and it
> tried to access the Internet 

1.  Could you zip up a copy of the EXE and send it to
me?
2.  What was the full path to the exe on the system?
3.  What port did the exe try to access?

> We re-ran the mipckov
> earlier this morning because
> accounting was having a problem,

What do you mean, "re-ran" it?  You said it was
suspicious...why would you then go back and run it?




__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Barry Irwin: "Re: spoofed packets to RFC 1918 addresses"
Previous message: Mike Denka: "33 character encrypted passwords in /etc/shadow"
In reply to: RUSSELL T. LEWIS: "win2k server issue"
Next in thread: McCammon, Keith: "RE: win2k server issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 08:52:13 PDT