Security Incidents mailing list archives

Re: win2k server issue

From: H C <keydet89 () yahoo com>
Date: Thu, 27 Jun 2002 19:07:21 -0700 (PDT)

Russell,

There is a suspicious exe on the server in the c:
drive, mipckov.exe, and it
tried to access the Internet


1.  Could you zip up a copy of the EXE and send it to
me?
2.  What was the full path to the exe on the system?
3.  What port did the exe try to access?

We re-ran the mipckov
earlier this morning because
accounting was having a problem,


What do you mean, "re-ran" it?  You said it was
suspicious...why would you then go back and run it?




__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

win2k server issue RUSSELL T. LEWIS (Jun 27)
- Re: win2k server issue H C (Jun 28)
- RE: win2k server issue Kit (Jun 28)
- <Possible follow-ups>
- RE: win2k server issue McCammon, Keith (Jun 28)