2 questions..nimda virus & ftp (win2kpro)


Post by g0d jun » Sun, 10 Mar 2002 08:05:24



1. my Admin.dll file located in my C:\ folder is infected with

it..and I tried to d/l a cleaner from norton.com but it doesn't find it..I
also have attacks on my web server and believe it is because of the virus..

002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
/scripts/root.exe /c+dir 404 3 3396 72 1893 HTTP/1.0 www - - -
2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
/MSADC/root.exe /c+dir 404 3 3396 70 40 HTTP/1.0 www - - -
2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 3 3396 80 70 HTTP/1.0 www - - -
2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 3 3396 80 40 HTTP/1.0 www - - -
2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 96 20 HTTP/1.0
www - - -
2002-03-08 05:45:06 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396
117 60 HTTP/1.0 www - - -

2. How do I fix my FTP so that anon users can look at what I have and u/l
files but not delete any..

thanks
william c jordan
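
An added example, not part of the original thread: a small Python triage of IIS log lines like the ones posted above, grouping the shell and traversal requests by client IP and separating those answered with an error (404 throughout the posted excerpt) from any that were not. It assumes the field order seen in the posted lines, since no #Fields header is shown; the function names and the two 192.0.2.x sample lines are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import unquote
import re

# Field order assumed from the lines as posted (the #Fields header is not shown):
FIELDS = ("date", "time", "c_ip", "user", "site", "computer",
          "s_ip", "port", "method", "stem", "query", "status")

# A command shell requested as a URL, as in every request in the excerpt.
SHELL_RE = re.compile(r"/(root|cmd)\.exe$", re.IGNORECASE)

def parse(line):
    """Split one W3C-style log line into named fields; None for headers/short lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) < len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def classify(rec):
    """Return the reasons a request looks like one of the probes in the excerpt."""
    stem = unquote(rec["stem"]).replace("\\", "/")  # %5c decodes to a backslash
    reasons = []
    if "../" in stem:
        reasons.append("traversal")
    if SHELL_RE.search(stem):
        reasons.append("shell-binary")
    return reasons

def triage(lines):
    """Count probes per client IP and list any that did not get a 4xx/5xx reply."""
    report = defaultdict(lambda: {"probes": 0, "answered": []})
    for rec in filter(None, map(parse, lines)):
        if classify(rec):
            report[rec["c_ip"]]["probes"] += 1
            if rec["status"][0] not in "45":
                report[rec["c_ip"]]["answered"].append(rec["stem"])
    return dict(report)

SAMPLE = [  # first three lines are from the post (re-joined); last two are constructed
    "2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET /MSADC/root.exe /c+dir 404 3 3396 70 40 HTTP/1.0 www - - -",
    "2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 96 20 HTTP/1.0 www - - -",
    "2002-03-08 05:45:06 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 117 60 HTTP/1.0 www - - -",
    "2002-03-08 05:46:10 192.0.2.10 - W3SVC1 SELECT 68.48.232.236 80 GET /default.htm - 200 0 1200 80 15 HTTP/1.0 www - - -",
    "2002-03-08 05:47:30 192.0.2.77 - W3SVC1 SELECT 68.48.232.236 80 GET /scripts/root.exe /c+dir 200 0 512 72 30 HTTP/1.0 www - - -",
]

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE).items():
        print(ip, entry["probes"], "probes; answered without error:", entry["answered"])
```

A non-empty `answered` list is the case to investigate, since it means the server returned something other than an error for a shell request.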

 
 
 


Post by Aaron Margosi » Tue, 12 Mar 2002 13:24:51


Once your machine has been infected with Nimda and/or CodeRed, you should
wipe your hard drive and start over, rather than try to fix it.  There is NO
TELLING what back doors, trojans, etc., have been installed on your computer
following the initial infection.  The only way to be absolutely certain you
got them all is to build from the ground up.

Re the FTP question, you should be able to get there just by setting the
NTFS permissions in your FTP folder.  Grant the IUSR_machine account all the
Read permissions, "Create Files / Write Data", but don't grant any of the
Delete permissions.  (I'm looking at the available Advanced permissions as I
write this.)  Also, you probably don't need to grant "Create Folders /
Append Data".

HTH

-- Aaron


> 1. my Admin.dll file located in my C:\ folder is infected with
> repair
> it..and I tried to d/l a cleaner from norton.com but it doesn't find it..I
> also have attacks on my web server and believe it is because of the
> virus..

> 002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
> /scripts/root.exe /c+dir 404 3 3396 72 1893 HTTP/1.0 www - - -
> 2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
> /MSADC/root.exe /c+dir 404 3 3396 70 40 HTTP/1.0 www - - -
> 2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
> /c/winnt/system32/cmd.exe /c+dir 404 3 3396 80 70 HTTP/1.0 www - - -
> 2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
> /d/winnt/system32/cmd.exe /c+dir 404 3 3396 80 40 HTTP/1.0 www - - -
> 2002-03-08 05:45:05 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 96 20 HTTP/1.0
> www - - -
> 2002-03-08 05:45:06 68.48.11.11 - W3SVC1 SELECT 68.48.232.236 80 GET
> /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396
> 117 60 HTTP/1.0 www - - -

> 2. How do I fix my FTP so that anon users can look at what I have and u/l
> files but not delete any..

> thanks
> william c jordan


 
 
 

1. Nimda Virus & operating system choices

Windows 2000 / Nimda Virus

I recently got the Nimda Virus and removed it using the
latest Norton AntiVirus software.  Now when I boot the PC
it shows these two options in the list of operating
systems to choose from:

1.      Windows 2000 Professional (default)
2.      Your machine is infected the web server is
spreading a virus.  FIX IT

Now that the virus has been removed, how can I get rid of
the second option at start-up?

Thanks in advance.
