philip
December 17th 03, 10:14 PM
Hi All,
I believe my Win2k server sp3 has been compromised. I have been
downloading all updated from windows update. Yesterday we noticed
strange files being created in the root dir; with names like
"1ae5cf12651de3bcc45825" the files inside include update.exe and
spcustom.dll. We delete them and they reappear at random times with
different names. I have scanned with Norton corp. and trend micro,
both find nothing.
I have also found some text files created with the same time stamp in
the c:\winnt dir. here is a sample
Service Pack started with following command line: -u -o -q -z
***
---- Old Information In The Registry ------
***
Source:c:\1ae5cf12651de3bcc45825\update\update.exe
Version: 5.3.16.5
***
Destination:
Version:
***
Source:c:\1ae5cf12651de3bcc45825\update
Version:
***
Can anyone share any info on this one????
Any help is appreciated
I believe my Win2k server sp3 has been compromised. I have been
downloading all updated from windows update. Yesterday we noticed
strange files being created in the root dir; with names like
"1ae5cf12651de3bcc45825" the files inside include update.exe and
spcustom.dll. We delete them and they reappear at random times with
different names. I have scanned with Norton corp. and trend micro,
both find nothing.
I have also found some text files created with the same time stamp in
the c:\winnt dir. here is a sample
Service Pack started with following command line: -u -o -q -z
***
---- Old Information In The Registry ------
***
Source:c:\1ae5cf12651de3bcc45825\update\update.exe
Version: 5.3.16.5
***
Destination:
Version:
***
Source:c:\1ae5cf12651de3bcc45825\update
Version:
***
Can anyone share any info on this one????
Any help is appreciated