Re: w95.hybris.worm on SBS 2003
From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 05/19/04
- Previous message: Dustin: "My Computer is Hijacked"
- In reply to: Mike: "Re: w95.hybris.worm on SBS 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 May 2004 11:30:53 -0400
Mike - I lean towards your explanation, but I'm not familiar enough with
Exchange to say what is happening.
There are good SBS groups here, though:
microsoft.public.windows.server.sbs (first choice)
Microsoft.public.backoffice.smallbiz2000 (second choice)
"Mike" <mike008us@yahoo.com> wrote in message
news:%23An$hJUPEHA.2876@TK2MSFTNGP09.phx.gbl...
> By "sure" I meant, do you know what the \exchsrvr\blocked\ directory is
> used for. This is the only place the virus is found during a scan at night.
> I'm fairly confident what this directory is used for (see last post), but was
> looking for confirmation.
>
> Complicated beast? Wipe it clean? I'm sorry this isn't a server group I
> posted to, but those are neither realistic nor necessary options. I've
> recovered many un-bootable servers that others had not been able to.
> Server NOS' are not scary and mysterious, but rather operate much like their
> desktop OS counterparts with added features. My main reason for posting
> here was input on the particular virus and the tie in with Exchange.
>
> Unless someone can contribute something related to this virus and Exchange,
> don't waste your time.
>
> Thanks,
> Mike
>
>
> "Malke" <malke@nospoonnotreally.com> wrote in message
> news:%23IWCVLNPEHA.1312@TK2MSFTNGP12.phx.gbl...
>> Mike wrote:
>>
>> > Are you sure? After watching this directory it would make sense the
>> > Exchange may be putting any "executable" files in the \blocked
>> > directory.
>> >
>> > Tell me if I'm wrong.
>> >
>> > Thanks,
>> > Mike
>> >
>>
>> How could I be "sure" about what is going on with a server I've never
>> seen, without any knowledge of its filters or firewall settings, etc.?
>> A server is a complicated beast and if you are unsure about your
>> client's security, wipe the server and restore it with one of his
>> ghosted backup images. Otherwise, I suppose you could watch it very
>> closely to see if there is a hole somewhere and security has been
>> compromised. Who has physical access to the machine? If it is open to
>> anyone in the office or from outside, then there is no real security.
>>
>> Malke
>> --
>> MS MVP - Windows Shell/User
>> Elephant Boy Computers
>> www.elephantboycomputers.com
>> "Don't Panic!"
>
>