Re: Code Red

From: Alb120 (alb1202003@hotmail.com)
Date: 01/03/03

• Next message: Danny Sanders: "Re: Do not know password upon bootup"
• Previous message: Alb120: "Re: forgotten password"
• In reply to: Armando Valdés: "Code Red"
• Next in thread: S. Pidgorny [MVP]: "Re: Code Red"
• Reply: S. Pidgorny [MVP]: "Re: Code Red"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Alb120" <alb1202003@hotmail.com>
Date: Fri, 3 Jan 2003 13:46:02 -0500

The CodeRed removal tool provides the CodeRed I and II removal (including
the recently received variants) and performs the vulnerability assessment of
your computer. Symantec is providing what it believes to be a safe,
reliable, and secure utility to remove the effects of a CodeRed infection.

http://securityresponse.symantec.com/avcenter/venc/data/codered.removal.tool
.html

(Spanish :Trata esta herramienta para remover este virus)

"Armando Valdés" <avaldes@c-com.net.ve> wrote in message
news:006b01c2afbc$7ef9ae80$cef82ecf@TK2MSFTNGXA08...
Hello !.

A W2K Server Sp2, Exchange 2000, ISA2000 and OWA setup and
running OK (Port 80 open). Fixes related to Code Red Virus
applied. The patch related to this virus were applied
recently because ISA2000 reports access to www.worm.com,
although Index Service was not running and CA Antivirus
never reported any virus (signed updated). However ISA2000
still reports access to www.worm.com. web page.

Is this server being attacked or is compromised? I have
been looking information about Code Red I and II but is
not clear (at least I could not find it) if this kind of
access is because the server is being attacked or the
server is being used to propagate the virus (worst, server
has a backdoor open!!).

Excuse my English and thanks in advances.

Armando Valdés

---

• Next message: Danny Sanders: "Re: Do not know password upon bootup"
• Previous message: Alb120: "Re: forgotten password"
• In reply to: Armando Valdés: "Code Red"
• Next in thread: S. Pidgorny [MVP]: "Re: Code Red"
• Reply: S. Pidgorny [MVP]: "Re: Code Red"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Code Red ... > The CodeRed removal tool provides the CodeRed I and II removal (including ... Fixes related to Code Red Virus ... > recently because ISA2000 reports access to www.worm.com, ... > access is because the server is being attacked or the ... (microsoft.public.win2000.security) Code Red ... running OK (Port 80 open). ... Fixes related to Code Red Virus ... recently because ISA2000 reports access to www.worm.com, ... Is this server being attacked or is compromised? ... (microsoft.public.win2000.security) Re: Code Red ... If your server is locked down properly, there's ... Don't forget - you need to check all client systems too. ... Fixes related to Code Red Virus ... recently because ISA2000 reports access to www.worm.com, ... (microsoft.public.win2000.security) Re: Is VMS losing the Financial Sector, also? ... On Behalf Of Bill Gunshannon ... Is VMS losing the Financial Sector, ... One of their Customers was running Windows Server and was down for 2 ... (comp.os.vms) Re: Information Store taking all available memory. ... There are cases where the virus software is scanning things it should not ... The aforementioned should be excluded in the virus software. ... Do Not Back Up or Scan Exchange 2000 Drive M ... Understanding Virus Scanning API 2.0 in Exchange 2000 Server ... (microsoft.public.exchange2000.information.store)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)