got hacked this weekend
From: menard (menard_at_stanleyaviation.not)
Date: 07/26/05
- Next message: Jared Schrag: "Upon Logon, IE Trusted Sites trying to automatically be added -- help."
- Previous message: SunRace: "VPN Connection Using RASDIAL.EXE"
- Next in thread: Shenan Stanley: "Re: got hacked this weekend"
- Reply: Shenan Stanley: "Re: got hacked this weekend"
- Reply: Mary: "RE: got hacked this weekend"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 25 Jul 2005 17:08:07 -0600
fully patch,
anti virus up to date
wasn't running ms spybot beta, but it didnt' see anything after the fact on
scan
files in c:\winnt\system32
as.exe
mt.exe
let.exe
zp.exe
esmb.exe
skill.exe
s.exe
wpa.dbl
files in c:\inetput\extranet\scriptlibrary
rt.asp
msg.asp ( lets you upload files )
c.exe (rename of cmd.exe)
lanping.asp (shows files in inetpub. web is in korean or chinese, my files
are in english)
rz.asp (lets you upload files)
ideas on how they got in? google says as.exe is from zorro or scorpio worm
not much in logs, firewall shows them (i have ip addresses) downloading, but
i can't find any uploads
advise?
thanks
mike
- Next message: Jared Schrag: "Upon Logon, IE Trusted Sites trying to automatically be added -- help."
- Previous message: SunRace: "VPN Connection Using RASDIAL.EXE"
- Next in thread: Shenan Stanley: "Re: got hacked this weekend"
- Reply: Shenan Stanley: "Re: got hacked this weekend"
- Reply: Mary: "RE: got hacked this weekend"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
