I also sent this message to incidents so sorry if you get it twice like I will ;). After seeing many posts on this "root.exe" backdoor, and encountering it 3 times in the field I decided to write a script that scans from startip to endip looking for root.exe in msadc/ and scripts/. It's not blazing fast but it definitely gets the job done. Feel free to modify it as you see fit. Just email me your modifications so i can see how you improved it and keep my name on it. Enjoy, ________________________________________________________ The Best News Source On The Web - http://www.disinfo.com
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:52:37 PDT