got hacked this weekend

From: menard (menard_at_stanleyaviation.not)
Date: 07/26/05


Date: Mon, 25 Jul 2005 17:08:07 -0600

fully patch,
anti virus up to date
wasn't running ms spybot beta, but it didnt' see anything after the fact on
scan

files in c:\winnt\system32

as.exe
mt.exe
let.exe
zp.exe
esmb.exe
skill.exe
s.exe
wpa.dbl

files in c:\inetput\extranet\scriptlibrary

rt.asp
msg.asp ( lets you upload files )
c.exe (rename of cmd.exe)
lanping.asp (shows files in inetpub. web is in korean or chinese, my files
are in english)
rz.asp (lets you upload files)

ideas on how they got in? google says as.exe is from zorro or scorpio worm
not much in logs, firewall shows them (i have ip addresses) downloading, but
i can't find any uploads

advise?

thanks

mike



Relevant Pages

  • Re: How to delete a file in my web server via php
    ... upload files to my webpage, I know how to delete them from the ... but didnt find the code to delete them from the web server. ... The only way to do this through HTTP is to create a remote script that ...
    (comp.lang.php)
  • Re: How to delete a file in my web server via php
    ... upload files to my webpage, I know how to delete them from the ... but didnt find the code to delete them from the web server. ... The only way to do this through HTTP is to create a remote script that accepts parameters and uses these to select and delete the file. ...
    (comp.lang.php)
  • Re: How to delete a file in my web server via php
    ... upload files to my webpage, I know how to delete them from the ... but didnt find the code to delete them from the web server. ... The only way to do this through HTTP is to create a remote script that ...
    (comp.lang.php)