Posted by Panda_man on June 1, 2006, 4:45 pm
"Fabio" wrote:
> I have a W2003 R2 server with IIS6 and FTP, SMTP and terminal server
> active.
> IIS6 is active for ASP pages and PHP pages.
> The two sites on this web server allow image uploads for the community.
> Recently the server was infected by backdoor trojans etc.
> I scanned with many antivirus, antispyware etc. and I think the server is
> now clean.
> But often I see two services (spyware) installed and started:
>
> D.N.S. DNS Server service (dns.exe) (not real dns)
> Remote Administrator Service (r_server.exe)
>
> I remove them with
> sc delete
>
> But often these two services are reinstalled, and the antivirus often cleans
> other backdoor files etc.
>
> I don't understand how a web user account with its privileges succeeds
> in installing a service,
> if installing a service requires admin privileges?
>
> The HTTP upload can bypass the script extension control, but the HTTP
> privileges cannot install a service.
> Yesterday this backdoor restarted the server and tried to register a wrong
> URL for the web site,
> which deactivated the service (e.g. of wrong URL:
> http://www.mysite.it:80:localIP/).
> How is this possible by scripting with web privileges?
> How is it possible to increase privileges by scripting?
>
> HELP ME
>
>
Scan and clean your computer using the instructions on my site,
http://pandaman.my.contact.bg, because I think it is possible for the server to be infected and not cleaned.
I'm not an expert on servers, so for a quality answer to your other
questions, I hope someone else replies to you.
Panda_man
--
Bronze level Contributor
http://pandaman.my.contact.bg Please rate posts