OWA default web page Help!

OWA default web page Help!

Post by bob » Fri, 05 Oct 2001 06:29:43



Hi Folks,

Unfortunately I've been bitten by the nimda virus on our
mail server running exchange 5.5. Now when people go to
http://mail.cambridgeheart.com without the /exchange it
comes up with a erroneous web page, one that has sware
words on it. I believe the virus may have done this. It
used to come up with a default web page. Does anyone know
what html file brings up this web page on our exchange
server. I can restore a backup copy of it, but am not sure
which filename it is. Also is there anything else I would
have to do other than replace the file that has been
modified. Thanks in advance for your help.

Thank You
Bob

 
 
 

OWA default web page Help!

Post by Jeff Dayto » Fri, 05 Oct 2001 09:45:50


You've got the Sandmind/IIS worm.
Go here to read how to fix it.

http://www.cert.org/advisories/CA-2001-11.html

Jeff


Quote:> Hi Folks,

> Unfortunately I've been bitten by the nimda virus on our
> mail server running exchange 5.5. Now when people go to
> http://mail.cambridgeheart.com without the /exchange it
> comes up with a erroneous web page, one that has sware
> words on it. I believe the virus may have done this. It
> used to come up with a default web page. Does anyone know
> what html file brings up this web page on our exchange
> server. I can restore a backup copy of it, but am not sure
> which filename it is. Also is there anything else I would
> have to do other than replace the file that has been
> modified. Thanks in advance for your help.

> Thank You
> Bob


 
 
 

OWA default web page Help!

Post by Bob » Sat, 06 Oct 2001 10:39:23


Thanks alot, unfortunately it did not say there was a way
to fix it, only a patch for IIS. I checked symantec for
virus removal tools also. I backup the mailboxes via
veritas exchange option and also backup the exchange
organization and information store as well and all the
hard drives. If I have to re-load it would you reccomend a
repair install of nt server 4.0 and hope that gets rid of
it or a re-install or nt server 4.0 or fdisk.I  want to be
as safe as possible while still getting rid of the virus.
Do you know of any particular setting I should document
before a reload? Do you know of any good technotes that
explain exchange disaster/recovery steps?

Thanks in advance, Bob

>-----Original Message-----
>You've got the Sandmind/IIS worm.
>Go here to read how to fix it.

>http://www.cert.org/advisories/CA-2001-11.html

>Jeff



>> Hi Folks,

>> Unfortunately I've been bitten by the nimda virus on our
>> mail server running exchange 5.5. Now when people go to
>> http://mail.cambridgeheart.com without the /exchange it
>> comes up with a erroneous web page, one that has sware
>> words on it. I believe the virus may have done this. It
>> used to come up with a default web page. Does anyone
know
>> what html file brings up this web page on our exchange
>> server. I can restore a backup copy of it, but am not
sure
>> which filename it is. Also is there anything else I
would
>> have to do other than replace the file that has been
>> modified. Thanks in advance for your help.

>> Thank You
>> Bob

>.