Security Basics mailing list archives
W2k SP4 strange DCOM event in eventlog
From: Matthias Güntert <MatzeGuentert () gmx de>
Date: Tue, 12 Aug 2003 09:04:06 +0200 (MEST)
Hello Today i have recognized a strange event in the eventlog of our companies Windows 2000 (SP4) DCs witch has every patch applied provided by microsoft: Eventid: 100006, Source: DCOM Dcom got error "class not registered" from the computer 192.168.100.4 when attempting to activate the server: {D99E6E73-FC88-11D0-B498-00A0C90312F3} 192.168.100.4 is our exchangeserver witch pop's the mails from a suse linux 7.3 box standing in the dmz. I have searched www.eventid.net for that, but couldnt figure out why this has happens. I have already searched the regestry for that key. I am concerned because of the new worm blaster! Was that a unsuccessful attempt of the DCOM exploit?? Sorry for my bad english, hope someone can help me out... Best Regards Matthias Güntert -- COMPUTERBILD 15/03: Premium-e-mail-Dienste im Test -------------------------------------------------- 1. GMX TopMail - Platz 1 und Testsieger! 2. GMX ProMail - Platz 2 und Preis-Qualitätssieger! 3. Arcor - 4. web.de - 5. T-Online - 6. freenet.de - 7. daybyday - 8. e-Post --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- W2k SP4 strange DCOM event in eventlog Matthias Güntert (Aug 12)