A recent scan of my log "httperr1.log" came up as infected with "Win32.IISWorm.CodeRed.Gen" but I can't delete or move the file. I can copy the file & then delete that copy, but that doesn't do anything for getting rid of the originally infected file.
Thanks for the info... I did the safe-mode reboot & deleted the file. I'm running Small Business Server 2003, and have all of the latest patches so I'm not sure why this came up as infected. I think it has something to do with a line in the error log relating to a Code Red attack:
HTTP/1.0 GET /default.ida? (a whole bunch of X's then some more junk like this: %u9090%u6858%ucbd3%=a) (then the resulting error) 400 - Hostname
I shut down all of the outside access to IIS, with the exception of known IP addresses. This is a temporary fix until I make sure that there isn't a threat of infection. I think that it's just logging errors from infected machines, and thereby setting off BullGuard when it sees the above line.
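A way to check the log itself, added here as an example and not part of the original posts: the script below reads entries in the HTTP.sys error log layout (the `httperr*.log` field order), counts `/default.ida?` probes per source address, and separates out any probe entry that was not answered with a 4xx rejection. The sample lines, addresses, and the `triage` function name are constructed for illustration.

```python
import re
from collections import Counter

# HTTP.sys error log (httperr*.log) field order, space separated; any
# trailing fields (such as a queue name) are ignored by zip() below.
FIELDS = ("date", "time", "c_ip", "c_port", "s_ip", "s_port",
          "version", "method", "uri", "status", "site_id", "reason")

# Code Red probes request the Index Server mapping /default.ida with a long filler run.
PROBE = re.compile(r"^/default\.ida\?", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, shortened URI), not from a real log.
SAMPLE_LOG = """\
#Software: Microsoft HTTP API 1.0
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason
2010-03-15 08:12:44 203.0.113.7 1432 192.0.2.10 80 HTTP/1.0 GET /default.ida?XXXXXXXX%u9090%u6858%ucbd3 400 - Hostname
2010-03-15 09:01:02 198.51.100.23 3310 192.0.2.10 80 HTTP/1.1 GET /index.htm 400 - BadRequest
2010-03-16 22:40:19 203.0.113.7 1490 192.0.2.10 80 HTTP/1.0 GET /default.ida?XXXXXXXX%u9090%u6858%ucbd3 400 - Hostname
2010-03-16 23:05:51 203.0.113.99 2201 192.0.2.10 80 HTTP/1.0 GET /default.ida?XXXXXXXX%u9090 - 1 Connection_Abandoned_By_AppPool DefaultAppPool
"""

def triage(log_text):
    """Return (probe count per source IP, probe entries lacking a 4xx status)."""
    sources, unrejected = Counter(), []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # header directives and blank lines
        parts = line.split()
        if len(parts) < len(FIELDS):
            continue  # malformed or truncated entry
        entry = dict(zip(FIELDS, parts))
        if not PROBE.match(entry["uri"]):
            continue
        sources[entry["c_ip"]] += 1
        # A 4xx here means HTTP.sys refused the request before any worker
        # process handled it; anything else deserves a closer look.
        if not entry["status"].startswith("4"):
            unrejected.append(entry)
    return sources, unrejected

if __name__ == "__main__":
    sources, unrejected = triage(SAMPLE_LOG)
    for ip, n in sources.most_common():
        print(f"{ip}: {n} probe(s)")
    for e in unrejected:
        print("review:", e["date"], e["time"], e["c_ip"], e["status"], e["reason"])
```

If every probe entry carries a 400 status, the log is only a record of rejected requests, which is consistent with a scanner matching on the logged request text.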