Windows

Hey,

Root.exe can be related to the Code Red virus. I would make sure that you do a Virus scan with an AV program that is running the latest scan definitions.

If you are running 2000 with IIS installed make sure that it is updated with the latest Microsoft patches.
http://tinyurl.com/7p51

Thanx

Go to Discussions and read 'Data transfer & Access.

With that, this: it has been found that a lot of components are used in the supposedly new box; and is it possible that there is an after hours user or someone who lost it in a transfer and it found a home here?

RIVER FREIGHT

Here's the link on how various security tools of ms products.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp

Leopold

This server has been compromised, from what I have read. I think it is a "rootkit" which is never good.
The server probably needs to be patched now. I bet it is not on SP3, is it? If not, then it is vulnerable to the IIS Unicode Directory Traversal Exploit that did make CodeRed and Nimda so popular.
Lock this machine down now! Run anti-virus software on it to detect trojan files. Check out the firewall settings on whatever firewall protects it (if it IS protected by a firewall).
I think that "superrofl.exe" is a command prompt that allows the directory traversal to happen.

Sorry for the bad news.