Windows BBS

Windows BBS (
-   Malware and Virus Removal Archive (
-   -   Trojans in Exchange Log Files (

hkelley 17th September 2004 12:45

Trojans in Exchange Log Files
During a routine deep virus scan we discovered two trojans in Exchange log files and we are not sure how to handle it. The virus report displays the following:

HTML ZEROLIN C C:\Program Files\Exchngsvr\mdbdata\E00000593.log 8/27/2004
JS ZEROLIN A C:\Program Files\Exchngsvr\mdbdata\E00006f1.log 9/27/2004

It is my understanding that neither of these is "cleanable." The general recommendation is to delete the files containing these trojans, however, I am under the impression that to delete these two log files could wreck havoc in my Excahnge Server.

Some advice would be appreciated.

Newt 17th September 2004 15:55

Not sure about the criticality of those exchange log files but if your exchange server is any where near up to date on security patches, you should be safe enough. Pretty good discussion of this critter Here but basically it appears that if you have applied MS03-040, MS04-013, MS04-025 you will be OK.

noahdfear 17th September 2004 16:33

I'm also unsure what deleting the logs would do, but the JS ZEROLIN A C:\Program Files\Exchngsvr\mdbdata\E00006f1.log 9/27/2004 file is very suspicious looking for sure. Notice it's dated for the 27th of this month, yet it's only the 17th? I personally would open them and try to locate the infection. No doubt some scripting, and should be able to spot it and edit it out.

hkelley 17th September 2004 17:23

Ooops, that date was a typo...should read 9/7/2004.

Thanks for suggestion...any additional thoughts?

All times are GMT. The time now is 21:24.

Powered by vBulletin® Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO
Copyright 2002 - 2015 All rights reserved.
Terms of Use, Legal Information & Privacy Policy

Page generated in 0.02853 seconds with 7 queries