Unknown bug in network...please help

By wburdine
I discovered a Trusted Domain issue when I installed LANguard and did a scan on my network. On one system it looks like crLE?, the next like crLE?, the next like crLE??, and each one is slightly different, even after rebooting or rescanning the network (more examples below). I was told by a security expert here in town that this was the Sadmind IIS virus, but after reading all I could I can't confirm this.
I rebuilt a server and installed the corporate version of Symantec's Enterprise Virus protection program ver 7.6. This did not even detect what this thing is. I had some issues with the systems after we got DSL, so when we switched to MPower DSL we used a Netopia 9100 and created some simple firewall policies, but I found it was not processing the info fast enough. At this point we got a Cisco PIX506, which processes the firewall policy quickly and delivers content faster. Since the installation of the PIX I have never received another alert on BlackICE or Zone Alarm. Testing with http://grc.com or http://scan.sygatetech.com/stealthscan.html could not find a hole. I have even stayed current with all the MS updates (which disappoints me to no end, since the current news is that this is not a good idea, because one patch may undo another previous patch). But regardless, I believe I have a stable, relatively secure setup that common kiddie hackers won't play with. I just don't know what to do at this moment; someone must know what this is so I can feel relatively safe putting my web server back online.

Thanks,
William Burdine
IS Manager - Alvarado Pharmacy

crLE?
?crLE?
crLE?
crLE ?
?crLE?
crLEp

by wlbowers In reply to Unknown bug in network... ...

This is a backdoor worm program that affects systems that are running unpatched versions of Microsoft IIS or unpatched versions of Solaris.

If you are getting a virus detection on a desktop computer it is because it has visited an affected site.

Do a search for the following file: Backdoor.Sadmind.Dr

Delete any found files.

If you are running Microsoft IIS or Solaris, install the patches.

Great choice in the PIX. Hard as bricks.


Hope this helps

Lee
