From: David Copeland [MSFT] on 4 Jun 2005 13:59

As a safety precaution can you put the internal NIC on a hub by itself (or at least shut down all internal client machines/servers) and unplug the external network cable and then reboot the server. Does the problem occur?

If not, then can you configure the server (ISA/firewall) to not allow any inbound traffic to the server (for example, disable inbound packet filters, web publishing rules, and/or server publishing rules). Then plug in the external network cable and go to Windows Update and check to see if you are missing any critical updates! And/or any other critical updates. Might use something like MBSA to check the server as well.

--
Hope that helps,
David Copeland
Microsoft Small Business Server Support

This posting is provided "AS IS" with no warranties, and confers no rights.

SBS Newsgroups:
SBS v4.x: microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:eT616FSaFHA.2124(a)TK2MSFTNGP14.phx.gbl...
> From: "Fredly" <abc(a)email.com>
>
> Run a scan using the McAfee Command Line Scanner to see if there is anything SAV missed.
>
> You can run it in Normal Mode if you like if you don't want to bring down the server.
>
> Dump the contents of the IE Temporary Internet Folder cache (TIF)
> Start --> Settings --> Control Panel --> Internet Options --> Delete Files
>
> Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
> Tools --> Options --> Privacy --> Cache --> Clear
>
> Download CLEAN.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/clean.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link (.lnk) files and a PDF instruction file.
>
> GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall to allow the FTP utility to download the needed files
>
> CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose to scan again at a future date, run this batch file. It will automatically check the date of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest signature files and install them before performing the scan.
>
> DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after you have booted from an Emergency Boot Disk or DOS disk and have already executed; c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from; http://www.bootdisk.com/bootdisk.htm
>
> I need you to perform the following...
>
> Execute; CLEAN.EXE
> Choose; Unzip
> Choose; Close
>
> Execute; c:\mcafee\GetFiles.BAT
> { or Double-click on 'GetFiles Link' in c:\mcafee }
>
> Reboot the PC into Safe Mode [F8 key during boot]
>
> Shut down as many applications as possible !
> It would also help for you to read - "How to perform a clean boot in Windows XP"
> http://support.microsoft.com/kb/310353
>
> Execute; c:\mcafee\CLEAN.BAT
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer). It is suggested that you move the report out of c:\mcafee before performing another scan. It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML report for each session.
>
> * * * Please report back your results * * *
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

From: Fredly on 4 Jun 2005 17:04

Thank you David! It takes a while for it to occur so I won't know soon. I did close port 80 on the watchguard firewall (it was pointing to the server). Just a hunch. I was back a few patches. I have red stop sign errors on Array Manager, Public, Exchange and Exadmin in IIS.

I just saw this in my IIS log:

This from the other day:

This from the first time the server behaved this way:

From: Fredly on 4 Jun 2005 17:10

More IIS logs

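For IIS logs like the ones Fredly mentions, the useful triage question is which clients sent known probe requests and whether any probe was answered with a 2xx status. The Python sketch below is an added example, not part of the thread: the field order is inferred from the posted lines, and the labels, the threshold and the sample entries (documentation-range client IPs) are constructed for illustration.

```python
"""Triage IIS W3C log lines for shell, awstats and path-guessing probes."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Field order assumed from the log lines posted in the thread.
FIELDS = ("date", "time", "c_ip", "user", "s_ip", "s_port",
          "method", "uri_stem", "uri_query", "status", "user_agent")

# Constructed sample input; client IPs are documentation-range addresses.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2005-06-04 05:41:28 192.0.2.10 - 10.0.0.2 80 GET /scripts/root.exe /c+dir 404 -
2005-06-04 05:41:30 192.0.2.10 - 10.0.0.2 80 GET /c/winnt/system32/cmd.exe /c+dir 404 -
2005-06-04 05:41:32 192.0.2.10 - 10.0.0.2 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2005-06-04 05:41:42 192.0.2.10 - 10.0.0.2 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2005-06-01 16:25:54 198.51.100.7 - 10.0.0.2 80 GET /forum/ - 404 Mozilla/4.0+(compatible;+MSIE+5.01)
2005-06-01 16:25:55 198.51.100.7 - 10.0.0.2 80 GET /phpBB/ - 404 Mozilla/4.0+(compatible;+MSIE+5.01)
2005-06-01 16:25:57 198.51.100.7 - 10.0.0.2 80 GET /iisstart.asp - 200 Mozilla/4.0+(compatible;+MSIE+5.01)
2005-06-01 16:25:59 198.51.100.7 - 10.0.0.2 80 GET /board/ - 404 Mozilla/4.0+(compatible;+MSIE+5.01)
2005-05-27 07:35:32 203.0.113.5 - 10.0.0.2 80 GET /cgi-bin/awstats.pl configdir=|%20id%20| 404 Mozilla/4.0+(compatible;+MSIE+6.0)
2005-05-27 09:00:00 203.0.113.99 - 10.0.0.2 80 GET /iisstart.asp - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
truncated line
"""

TRAVERSAL = re.compile(r"\.\.[\\/]")  # "../" or "..\" once URL-decoded
SHELL_BINARY = re.compile(r"(?:^|[\\/])(?:cmd|root)\.exe$", re.I)


def parse(text):
    """Yield one dict per well-formed entry; skip directives and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["status"].isdigit():
            yield rec


def classify(stem, query):
    """Return a probe label (names are this example's own) or None."""
    decoded = unquote(stem)
    if SHELL_BINARY.search(decoded) or TRAVERSAL.search(decoded):
        return "shell-probe"
    if decoded.lower().endswith("awstats.pl") and "|" in unquote(query):
        return "awstats-pipe"
    return None


def triage(text, enum_threshold=3):
    """Summarise probe activity per client IP."""
    labels = defaultdict(set)   # ip -> probe labels seen
    served = defaultdict(list)  # ip -> probe URIs answered with a 2xx status
    misses = defaultdict(set)   # ip -> distinct unlabelled paths that returned 404
    for rec in parse(text):
        ip, status = rec["c_ip"], int(rec["status"])
        label = classify(rec["uri_stem"], rec["uri_query"])
        if label:
            labels[ip].add(label)
            if 200 <= status < 300:
                served[ip].append(rec["uri_stem"])
        elif status == 404:
            misses[ip].add(rec["uri_stem"].lower())
    # Several different missing paths from one client suggests path guessing.
    for ip, stems in misses.items():
        if len(stems) >= enum_threshold:
            labels[ip].add("path-enum")
    return {ip: {"labels": sorted(found), "served": served[ip]}
            for ip, found in labels.items()}


if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        verdict = "FOLLOW UP" if info["served"] else "rejected"
        print(f"{ip:15} {','.join(info['labels']):12} {verdict}")
```

In the sample every labelled request was answered with a 4xx or 5xx status, so all three sources print as rejected; a 2xx on a labelled request is the case that needs investigation.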
From: Fredly on 6 Jun 2005 23:05

So far so good since blocking port 80 and running patches...

"Fredly" <abc(a)email.com> wrote in message news:#ACpFIRaFHA.2884(a)tk2msftngp13.phx.gbl...
> The system can not log you on due to the following error. The network request is not supported.
>
> Seems to be a rash of this problem in the last few days. Several people reference a virus, worm or bot.
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21439641....
>
> http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21443828....
>
> I'm having trouble with Exchange errors and then the system itself. I too ran into this one time a few weeks ago, then nothing until 6/1. Now it's every few hours, hard boot, happens again.
>
> We run SAVCE 8.0 and its defs are up to date.
>
> I'm going in to fight with this today. Anybody hear anything new? I saw someone already called MS. Any luck??