From: McCammon, Keith (Keith.McCammoneadvancemed.com)
Date: Tue Aug 14 2001 - 16:31:08 CDT

    That clears things up a bit. That box was obviously compromised. Probably
    still is, unless you've rebuilt it since...

    Keith

    >-----Original Message-----
    >From: Jim Barscheski [mailto:jimbpicatinnycu.org]
    >Sent: Tuesday, August 14, 2001 2:03 PM
    >To: 'focus-mssecurityfocus.com'
    >Subject: re flushserv.exe
    >
    >
    >some additional information:
    >
    >files flushserv.exe, flush.exe, and cisvc.exe were in a folder called -
    >
    >.TaG -= NAUTILUS =- Tem
    >
    >files created on 08/04/2001 00:40, last accessed 08/07/2001 21:35
    >
    >I moved the files out right away before looking at the registry. This was a
    >production web server and I needed to get it restored right away.
    >
    >If I get more time, I'll run these on a test NT box and try to see what they
    >do ...
    >
    >
    >
    >-----------------------------------------
    >Jim Barscheski
    >jimbpicatinnycu.org
    >Network Administrator
    >Picatinny Federal Credit Union
    >
    > /"\   ascii ribbon campaign
    > \ /   against HTML email
    >  X
    > / \