Thanks alot, unfortunately it did not say there was a way
to fix it, only a patch for IIS. I checked symantec for
virus removal tools also. I backup the mailboxes via
veritas exchange option and also backup the exchange
organization and information store as well and all the
hard drives. If I have to re-load it would you reccomend a
repair install of nt server 4.0 and hope that gets rid of
it or a re-install or nt server 4.0 or fdisk.I want to be
as safe as possible while still getting rid of the virus.
Do you know of any particular setting I should document
before a reload? Do you know of any good technotes that
explain exchange disaster/recovery steps?
Thanks in advance, Bob
>You've got the Sandmind/IIS worm.
>Go here to read how to fix it.
>> Hi Folks,
>> Unfortunately I've been bitten by the nimda virus on our
>> mail server running exchange 5.5. Now when people go to
>> http://mail.cambridgeheart.com without the /exchange it
>> comes up with a erroneous web page, one that has sware
>> words on it. I believe the virus may have done this. It
>> used to come up with a default web page. Does anyone
>> what html file brings up this web page on our exchange
>> server. I can restore a backup copy of it, but am not
>> which filename it is. Also is there anything else I
>> have to do other than replace the file that has been
>> modified. Thanks in advance for your help.
>> Thank You