Results 1 to 8 of 8
  1. #1
    2 Star Lounger
    Join Date
    May 2002
    Location
    Dubai, UAE, United Arab Emirates
    Posts
    105
    Thanks
    0
    Thanked 0 Times in 0 Posts

    PWS - Where From ?

    G'day All

    I re-install every 6-12 months or so and the last time I didn't put back on Personal Web Server. I've just recently tried to install and configure it because I'm back into web page development and I want my scripts tested locally. (Win 2k Pro Sp2). I installed and configured the server without a hitch.

    Now it's the next morning and my virus scanner has found Nimda in some of the scripts in the C:InetpubScripts folder.

    So I've deleted the affected files, and my source PWS folder, since that's where it must have come from. Then I went to re-download PWS for win2k. I vaguely remember I got it from MS associated with an SP for NT4 or somewhere strange like that. Shouldn't be too hard, should it ?

    Well - can't find it anywhere. Loads of articles in TechNet and KnowledgeBase in installing and configuring, most of which give a URL to download from, which doesn't work.

    Can anyone tell me where to get an up to date PWS or IIS for Win2k ?

    Regards Ken

  2. #2
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PWS - Where From ?

    It should be included on your Windows CD-ROM. Use Add/Remove and then look under Add/Remove Windows Components.

    Oh yes, and make sure that you do yourself the kind favor of getting all of the security updates for IIS!
    -Mark

  3. #3
    2 Star Lounger
    Join Date
    May 2002
    Location
    Dubai, UAE, United Arab Emirates
    Posts
    105
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PWS - Where From ?

    OK - now I'm really confused.

    Before I was just mildly confused. When I installed PWS - Contraty to waht I wrote previously - I tried the one I downloaded ages ago and it wouldn't run. So I had the idea of the Win2K cd and IIS was there - so I installed it. That's the installation that got the Nimda virus.

    So what do you think? I was infected with the Nimda virus (AVG Virus Scanner, up to date daily) or the windows CD was infected? (Genuine Original, WIn2kPro Sp2).

    Infected files were
    c:inetpubscriptstftp1244
    c:inetpubscriptstftp1808

    What's going on ??

    Regards Ken

  4. #4
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PWS - Where From ?

    Ken, I find that really, really, insanely interesting. The reason? A friend of mine had the exact same thing happen on his Windows 2000 server. AVG complained and caught four different instances of the Nimda virus - two of which match what you posted exactly.

    It's certainly possible that the CD has the virus on it. My friend's scenario was indicative of this because all of the files were marked read-only, as they will be when copied from a CD.

    Just for grins and giggles, you might want to try scanning the CD to see if AVG picks it up. I'm going to check around and see if I can uncover more information on this, because twice is less a coincidence than one isolated occurance if you ask me. I'd also like to try a different AV scanner to see what it picks up.

    Allow AVG to fix the problems and you should be OK. I'm concerned now that there is a bigger problem with the CD itself. Was it W2K Server?
    -Mark

  5. #5
    2 Star Lounger
    Join Date
    May 2002
    Location
    Dubai, UAE, United Arab Emirates
    Posts
    105
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PWS - Where From ?

    G'day Mark

    After I do a windows installation I copy the source folder (structure) to my hard drive and reset the registry's keys to point to it. Thus when I installed PWS the files came from my hard drive. I'm scanning the I386 folder now, but I scan the whole computer (all files) each night so I'd be surprised it it finds anything - if conatiminated the files concered are probably within a CAB file and so may not be detected. If I find an infection I'll check the original disk - Win2kPro SP2

    Tell me - Just to confirm - were the files infected on your friend's computer the same as mine ?

    Regards Ken

    P.S. Scan finished - no infected files.

  6. #6
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PWS - Where From ?

    Yes - the files in INETPUB were identical. He also had a file named ADMIN.DLL in the root of each logical drive partition. And all that on a machine that was newly installed and wasn't set up with email to invite problems!
    -Mark

  7. #7
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Phoenix, Arizona, USA
    Posts
    265
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Re: PWS - Where From ?

    How about Microsoft themselves??? Take a gander at this, if it happened there what about other places? <img src=/S/shrug.gif border=0 alt=shrug width=39 height=15>
    Ed
    "Somebody left the cork out of my lunch." - W. C. Fields

  8. #8
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PWS - Where From ?

    Ed, that's exactly what I am trying to suss out here. I checked with my friend that had this problem, and he tells me that he used a retail copy of Win2000 Server, and downloaded Service Pack 2. It was not a slip-streamed installation CD. I haven't gotten around to testing this personally because I don't have 2000 server installed on a test system at present, but....it could come from either the CD or the download. You're right, it wouldn't be the first time. <img src=/S/hmmn.gif border=0 alt=hmmn width=15 height=15>
    -Mark

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •