Family: Backdoors --> Category: infos
CodeRed version X detection Vulnerability Scan
Vulnerability Scan Summary CodeRed version X detection
Detailed Explanation for this Vulnerability Test
Your machine is infected with the 'Code Red' worm. Your Windows system seems to be compromised.
Solution:
1) Remove the file root.exe from both directories:
\inetpub\scripts
and
\program files\common files\system\msadc
2) Install an updated antivirus program (this will remove the Explorer.exe Trojan)
3) Set SFCDisable in hklm\software\microsoft\windows nt\currentversion\winlogon to: 0
4) Remove the two newly created virtual directories: C and D (created by the Trojan)
5) Make sure no other files have been modified.
It is recommended that hosts compromised by Code Red X have the operating system reinstalled from scratch and patched accordingly.
Threat Level: High
Additional information:
http://www.securiteam.com/securitynews/5GP0V004UQ.html
http://www.securiteam.com/windowsntfocus/5WP0L004US.html
http://www.cert.org/advisories/CA-2001-11.html
http://www.microsoft.com/technet/itsolutions/security/tools/redfix.asp