Niel
Mon Jan 05 16:40:24 CST 2004
Yes, I hope I have cleaned the virus.
I again downloaded both the patches, the Code Red Worm patch and the Code Red Worm II
patch.
I couldn't install the first patch, as it said that I already had a higher
version of the service pack and so the patch won't run.
However, I could install and run the 2nd patch, i.e. the Code Red Worm II patch,
and have restarted it again.
After I restarted, a text file was created on the desktop, which is as follows:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~
Cleaning up Code Red Worm
If the system was internet-exposed, you should re-install system
To disable IIS, invoke with -disable option
This application does NOT apply the patch
See
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
Shutting down IIS
IIS Service stopped
Removing files created by worm
No files left by worm found
Removing virtual roots from the registry that may have been left by worm
This does not unmap virtual roots from the IIS metabase
/Scripts removed
/msadc removed
System File protection enabled
IIS Service could not be restarted
Metabase successfully backed up to CodeRedCleanup_Backup
Searching for virtual roots left by the worm in IIS
Cannot get access permissions for /LM/W3SVC/1/Root/PBSData/ - err = 51201
No virtual roots left by worm found
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~
I guess this pretty much explains that now all the files (if any) created by
the worm have been removed.
If not, then tell me if there is still some problem and what I should do next.
Thanks
"Mike Florio" <mike@micro-point.com> wrote in message
news:vvj879qrdc3lee@corp.supernews.com...
> Did you clean the virus from the server? The MS patch will only ensure you
> don't get it again.
>
> "Niel" <nandip2k4@vippowernet.com> wrote in message
> news:ezocb960DHA.1752@tk2msftngp13.phx.gbl...
> > Hello friends,
> > I am not sure if I am posting to the correct group, but if anyone has an
> > idea about this and the possible solution or the link to that solution,
> > then please let me know.
> > We have our website running on Windows 2000 - IIS 5.0. Everything was
> > working fine, but since the last few days my IIS services get stopped
> > unexpectedly.
> > When I check in Event Viewer I see the messages saying
> >
> > a) "The World Wide Web Service got terminated unexpectedly. It has been
> > done __ time(s)"
> > b) "The IIS Admin Service got terminated unexpectedly. It has been done
> > __ time(s)"
> > c) "The Simple Mail Transport Protocol got terminated unexpectedly. It
> > has been done __ time(s)"
> >
> > After I restart those services again, everything starts working fine. But
> > then again in a day or two it stops unexpectedly.
> > I have read about this at a number of places. At a few places it says that
> > the computer is infected with the Code Red worm.
> > I installed the patch for Code Red II from the Microsoft website last
> > week, and after installing I restarted the computer. For 3-4 days I had no
> > problem, so I thought that the issue was resolved and that the worm must be
> > causing the problems, but again today the services were stopped.
> >
> > Can anyone give me an idea about what is going wrong and what I should
> > do to resolve this issue?
> >
> > Thanks
> >
> >
>
>
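
A small triage of the cleanup report quoted in the post above, as an added example that is not part of the thread or of the Microsoft tool. The category names and patterns are assumptions made only from the wording of the lines quoted here; the sample is a constructed copy of those lines.

```python
import re

# Constructed sample: report lines as quoted in the post above.
REPORT = """\
Cleaning up Code Red Worm
If the system was internet-exposed, you should re-install system
This application does NOT apply the patch
Shutting down IIS
IIS Service stopped
No files left by worm found
This does not unmap virtual roots from the IIS metabase
/Scripts removed
/msadc removed
System File protection enabled
IIS Service could not be restarted
Metabase successfully backed up to CodeRedCleanup_Backup
Cannot get access permissions for /LM/W3SVC/1/Root/PBSData/ - err = 51201
No virtual roots left by worm found
"""

# Hypothetical rules, first match wins. Not an official message catalogue.
RULES = [
    ("failed",   re.compile(r"could not be|^Cannot ", re.I)),   # step did not complete
    ("advisory", re.compile(r"you should|does not", re.I)),     # tool states a limit
    ("removed",  re.compile(r"^/\S+ removed$")),                # tool changed something
    ("clean",    re.compile(r"^No .* found$")),                 # nothing detected
]

def triage(report):
    """Group non-empty report lines by category; unmatched lines are 'info'."""
    groups = {}
    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue
        cat = next((name for name, rx in RULES if rx.search(line)), "info")
        groups.setdefault(cat, []).append(line)
    return groups

def follow_up(report):
    """Lines an administrator still has to act on: failed steps and stated limits."""
    groups = triage(report)
    return groups.get("failed", []) + groups.get("advisory", [])

if __name__ == "__main__":
    for item in follow_up(REPORT):
        print("FOLLOW UP:", item)
```

On this report the follow-up list holds the failed IIS restart, the metabase permission error, and the tool's own statements that it does not apply the patch, does not unmap virtual roots from the metabase, and recommends a re-install for an internet-exposed system.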