RE: First time security issue.

> -----Original Message-----

I'd agree with Harlan here.

However, the process itself depends upon the business needs in front of the OP.

In any case, my suggestion would be to reinstall the system and apply all patches on it. Also, before this, OP should make a HDD image copy so he can do forensics on it and eventually find out what happened with it.

According to what the OP wrote, and as Harlan said as well, I doubt this is related to any Windows NT rootkit. Most of the cases I had experience with, and which had ServU/IRC-bot being setup, are related to script kiddies which just want to collect more machines and use public well-known exploits (or weak passwords etc.).

Best regards,

Bojan Zdrnja

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek