Guest
Hello,
I'm running Win2k Pro. I checked netstat -a the other day and found out I'm connected to www.whitehouse.gov. I figured I must be infected with some kind of virus. None of my antivirus programs found anything. I did some research and found out it might be the Code Red virus on an IIS server. I tried to clean it with different cleaners from eEye or MSFT but no luck. So I said no biggy, I'll reinstall. I formatted my partition and reinstalled Win2k, but the virus was there again when I got online. Weird stuff. I formatted again and repartitioned, thinking it might be in my MBR, but as soon as I start surfing around I get established connections to www.whitehouse.gov again.
netstat looks like this:
TCP xxx:1191 www.whitehouse.gov:http ESTABLISHE
TCP xxx:1192 www.whitehouse.gov:http ESTABLISHE
TCP xxx:1193 www.whitehouse.gov:http ESTABLISHE
TCP xxx:1194 www.whitehouse.gov:http ESTABLISHE
TCP xxx:1202 uscu-secure01-1.symantec.com:https TIME_W
TCP xxx:1211 uscu-secure01-1.symantec.com:https TIME_W
TCP xxx:1215 66.102.9.104:http ESTABLISHE
TCP xxx:1217 origin2.microsoft.com:http ESTABLISHE
TCP xxx:1218 origin2.microsoft.com:http ESTABLISHE
If I nslookup www.whitehouse.gov I get Akamai serve
Non-authoritative answer
Name: a1289.g.akamai.ne
Addresses: 193.189.170.198, 193.189.170.20
Aliases: www.whitehouse.gov, www.whitehouse.gov.edgesuite.ne
These are the replies I got from the cleanup tools:
Cleaning up Code Red Wor
If the system was internet-exposed, you should re-install syste
To disable IIS, invoke with -disable optio
This application does NOT apply the patc
See http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.as
Cannot open WWW Publishing Servic
Removing files created by wor
No files left by worm foun
Cannot open virtual roots ke
System File protection enable
Error opening IISAO - hr = 8004015
This I got from the FixCRed cleaner:
The valu
SFCDisabl
in the subke
Software\Microsoft\Windows NT\CurrentVersion\WinLogo
is reset to 0
Your computer does not appear to be vulnerable
The Trojan.VirtualRoot has not been found on your computer
The thing I don't get is how come none of the virus scanners and reformatting/repartitioning helped so far. How can I get rid of this virus? In the meantime, while I wait for your replies, I'm running Baseline Security Analyzer in case it finds anything.
Thanks for your help and suggestions
keke