w2k server compromised

From: Dan Uscatu (duscatu@lunatech.ro)
Date: 01/23/03

Next message: John Howie: "RE: Attacking EFS through cached domain logon credentials"

Previous message: Kolde, Jennifer E.: "RE: Bypass Traverse Checking?"
Next in thread: Kurt Seifried: "Re: w2k server compromised"
Reply: Kurt Seifried: "Re: w2k server compromised"
Reply: James D. Stallard: "RE: w2k server compromised"
Reply: H C: "Re: w2k server compromised"
Reply: Laura A. Robinson: "RE: w2k server compromised"
Maybe reply: Thomas Cameron: "RE: w2k server compromised"
Maybe reply: Brothers, Sam (OCTO): "RE: w2k server compromised"
Maybe reply: James D. Stallard: "RE: w2k server compromised"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Dan Uscatu" <duscatu@lunatech.ro>
To: <focus-ms@securityfocus.com>
Date: Thu, 23 Jan 2003 10:16:57 +0200

hey all

i just found one of the w2k servers to be infected and acting very
strangely.
unfortunately it is a domain controller and it has all the
users/computers lists.

how can i export these before reinstall in order to keep the exact same
configuration (everything except passwords of course) ?
i suppose this could be usefull to be done on a regular basis too...

TIA

Next message: John Howie: "RE: Attacking EFS through cached domain logon credentials"
Previous message: Kolde, Jennifer E.: "RE: Bypass Traverse Checking?"
Next in thread: Kurt Seifried: "Re: w2k server compromised"
Reply: Kurt Seifried: "Re: w2k server compromised"
Reply: James D. Stallard: "RE: w2k server compromised"
Reply: H C: "Re: w2k server compromised"
Reply: Laura A. Robinson: "RE: w2k server compromised"
Maybe reply: Thomas Cameron: "RE: w2k server compromised"
Maybe reply: Brothers, Sam (OCTO): "RE: w2k server compromised"
Maybe reply: James D. Stallard: "RE: w2k server compromised"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Publishing Problems with Win XP and FP 2002 on a school network
... I checked with my host and they claim that the servers are not acting as a domain controller. ... So I guess it's back to square one. ...
(microsoft.public.frontpage.client)
RE: Strange Irregular DNS/Networking Problems
... Never heard about this kind of problem with IPv6, but think this is because it is not used so much until now. ... What i heard is that firefox or some other not MS browsers and addons make problems with DNS resolving after changing DNS servers. ... After resetting the domain controller and booting up things are back ...
(microsoft.public.windows.server.dns)
Re: Authentication problems when DC is down
... Please post an unedited ipconfig /all from the 3 DCs and the SQL server, so we can exclude DNS as a problem. ... have narrowed this down specifically do the domain controller holding ... DC2, DC3), all run AD and DNS and all are GC servers ... any SQL servers using Windows ...
(microsoft.public.windows.server.active_directory)
Re: Replication Issues with A/D
... site link BRIDGING is that is connecting the spokes together and because ... Site A's subnet can talk with ALL subnets in our network ... the first problem I have is that Site D's domain controller (it ... "All servers in that can replicate partition ...
(microsoft.public.windows.server.active_directory)
Re: machine account password replication not working
... This is checking FRS replication. ... > Install the Support Tools on each Domain Controller and on each Member ... Run netdiag /v on all servers. ... The member servers reported access denied ...
(microsoft.public.win2000.active_directory)