Email address obfuscation in effect -- please
click here to turn it off.
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Does anyone know on that variant if it does the same thing as CRII?
I've got a Win2K server - don't get me started . I wanted to patch it,
wasn't allowed, because "that would restart the server" blah blah blah -
anyway, I've got the Harddrive in it set to O:, but, the problem is that
I've found the root.exe file in O:\Inetpub\scripts\ and I'm concerned
that it's already been root kitted. The side is that that's the only
place I've found it, it has a creation time of last Thursday, the IIS
has been shutdown for about a week and a half, a quick scan lists the
following ports open, some of which I'm really unsure of, etc. Either
way, I'm scanning it here shortly with nessus. But, if anyone knows for
sure based on the previous info whether or not it's time to reformat,
whether there is any other option, or whether I'm just worried
needlessly, I'd appreciate it.
Here's the latest network scan for your info:
135/tcp open loc-srv
139/tcp open netbios-ssn
210/tcp open z39.50
445/tcp open microsoft-ds
1025/tcp open listen
1157/tcp open unknown
1251/tcp open unknown
1494/tcp open citrix-ica
2512/tcp open unknown
2513/tcp open unknown
3372/tcp open unknown
3389/tcp open msrdp
6798/tcp open unknown
Thanks!
Jason McIntosh
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php
Archives are available at http://mlug.missouri.edu/list-archives/
Home | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact