IMHO if you have a forensics expert at hand, you could ask him (her for you anti-chauvinists ;-)) for a post-mortem investigation in order to identify how that IRC server was "installed" into your system. that would shed a lot of light about how to get better security for your NT4 server. If not, and if you need that server in a hurry, you must format and restore it. HTH, marlon. >>> <benat_private> 07/21 2:47 pm >>> Sorry if this post seems remedial, but I'm pretty new to security. Last week out NT4 PDC detected a virus (Pinfi.a) and put it in quaentine as it should. While cleaning up the files, I noticed a new folder in the WINNT/System32 directory: rmtcfg. It was filled with several .exe and batch scripts. /* Marlon Borba Divisao de Suporte Tecnico TRF 3a. Regiao (11) 3012-1683 e 9692-8357 mborbaat_private - marlonborbaat_private ------- "We reject kings, presidents, and voting. We believe in rough consensus and a running code." --Dave Clark, pioneiro da Internet */ --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 22 2003 - 13:54:51 PDT