Information in http://isc.sans.org/diary.html?date=2003-08-09 may help. Tony -----Original Message----- From: Micheal Patterson [mailto:michealat_private] Sent: Thursday, 14 August 2003 12:45 a.m. To: incidentsat_private Subject: MSBlast and other known exploits.. I've got reports of msblast infection that I've checked and they indeed do have msblast. Also, these systems all have what appears to be a corrupted control panel applet. The normal control panel shows up in a left hand frame and the contents of add/remove programs is missing. Also, various popup windows simply will not open. I've read that there was a known root kit that utilized the same dcom exploit called khat2 (spelling) but I'm not having much luck in locating the symptoms of systems that have been rooted in this manner. Any information would be appreciated. I will be recommending that these systems be blown away and reinstalled from clean media, I'm just looking for some info to verify what's eaten away at these things. Thank you. -- Micheal Patterson Network Administration Cancer Care Network 405-733-2230 --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 19:32:52 PDT