Trojans in Exchange Log Files
During a routine deep virus scan we discovered two trojans in Exchange log files and we are not sure how to handle it. The virus report displays the following:
HTML ZEROLIN C C:\Program Files\Exchngsvr\mdbdata\E00000593.log 8/27/2004
JS ZEROLIN A C:\Program Files\Exchngsvr\mdbdata\E00006f1.log 9/27/2004
It is my understanding that neither of these is "cleanable." The general recommendation is to delete the files containing these trojans; however, I am under the impression that to delete these two log files could wreak havoc in my Exchange Server.
Some advice would be appreciated.
Not sure about the criticality of those Exchange log files, but if your Exchange server is anywhere near up to date on security patches, you should be safe enough. Pretty good discussion of this critter here, but basically it appears that if you have applied MS03-040, MS04-013, MS04-025 you will be OK.
I'm also unsure what deleting the logs would do, but the JS ZEROLIN A C:\Program Files\Exchngsvr\mdbdata\E00006f1.log 9/27/2004 file is very suspicious looking for sure. Notice it's dated for the 27th of this month, yet it's only the 17th? I personally would open them and try to locate the infection. No doubt some scripting, and should be able to spot it and edit it out.
Ooops, that date was a typo...should read 9/7/2004.
Thanks for the suggestion... any additional thoughts?