BoxPoison.worm virus?? - Veritas Backup Exec

This is a discussion on BoxPoison.worm virus?? - Veritas Backup Exec ; Received message during BackUpExec on NT2000 server that 16 files were infected with SunOS/BoxPoison.worm and that BackUpExec was unable to clean them. Seems file list only contains .htm files. Can not find any info on the web (veritas, sarc, symantec, ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: BoxPoison.worm virus??

  1. BoxPoison.worm virus??


    Received message during BackUpExec on NT2000 server that 16 files were infected
    with SunOS/BoxPoison.worm and that BackUpExec was unable to clean them. Seems
    file list only contains .htm files. Can not find any info on the web (veritas,
    sarc, symantec, etc) on BoxPoison.worm virus. Does anyone know what it is
    and how to get rid of it?

  2. Re: BoxPoison.worm virus??

    mcafee.com would be another one to check

    "George Gunzelman" wrote in message
    news:3b28c5e1$1@hronntp01....
    >
    > Received message during BackUpExec on NT2000 server that 16 files were

    infected
    > with SunOS/BoxPoison.worm and that BackUpExec was unable to clean them.

    Seems
    > file list only contains .htm files. Can not find any info on the web

    (veritas,
    > sarc, symantec, etc) on BoxPoison.worm virus. Does anyone know what it is
    > and how to get rid of it?




  3. Re: BoxPoison.worm virus??

    Sandmind/IIS worm. Check here
    (http://www.cert.org/advisories/CA-2001-11.html). Also Check
    Microsoft.Public.Win2000.Security and Microsoft.Public.Inetserver.IIS.
    There are TONS of posts regarding this hack.

    Check your drive for "root.exe" and delete it. Make sure you install Win2K
    SP2, apply MS Security Patch MS01-026
    (http://www.microsoft.com/technet/security/current.asp), and all other
    relevant security patches for your MS products. The MS01-026 patch contains
    all security fixes (to date) for IIS. Also, subscribe to the MS Security
    Bulletin notification (www.microsoft.com/technet/security) and CERT Advisory
    bulletins (http://www.cert.org/contact_cert/certmaillist.html). That will
    notify you via email on newly released security patches and security
    advisories.

    This was only a defacement to default.* and index.*. Make sure you check
    your IIS logs daily for weird entries.




    "Dan Billingsley" wrote in message
    news:3b29101d@hronntp01....
    > mcafee.com would be another one to check
    >
    > "George Gunzelman" wrote in message
    > news:3b28c5e1$1@hronntp01....
    > >
    > > Received message during BackUpExec on NT2000 server that 16 files were

    > infected
    > > with SunOS/BoxPoison.worm and that BackUpExec was unable to clean them.

    > Seems
    > > file list only contains .htm files. Can not find any info on the web

    > (veritas,
    > > sarc, symantec, etc) on BoxPoison.worm virus. Does anyone know what it

    is
    > > and how to get rid of it?

    >
    >




+ Reply to Thread