So, after cleaning up the mess does anyone know if there are any logs of any kind typically left behind on the actual machines themselves. I'm trying to see if I can piece together the actual path taken for the original infection. I had a very quick look at a patched / rebooted machine this evening but didn't se anything obvious in the event viewer. Are there logfiles kept in any standard places for MSDE and MS SQL Server? ian -- Ian O'Brien - Xilinx Network Security Engineer -=- = Pager 408-696-2182 -=- Phone 408-879-5206 iobat_private - Please state the nature of your architectural emergency ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 09:27:22 PST