TCPIP.SYS

[Guest]

My TS Server Bugchecked and restarted. I found an article pertaining to High Data Rates (Q318271). We researched this and the server does have SP4 installed, and all the requirements specified in the article. However the creation Date of this file reads 'December 31, 1979'. We reinstalled SP4 and the same date reappears. Next to a total rebuild what else might be a remedy..?

 

[Jetro]

You were hacked - this is Trojan file.
Real tcpip.sys is in %winnt%\system32\drivers and ServicePackFiles.

 

[Guest]

Is there anyway to identify the Trojan, and possibly clean it? Or is a rebuild necessary

----- Jetro wrote: ----

You were hacked - this is Trojan file
Real tcpip.sys is in %winnt%\system32\drivers and ServicePackFiles

 

[Jetro]

Common practice is a complete rebuild after the intrusion detected. That
includes an infrastructure security improvement like adding and tighten the
firewalls, anti-Trojan scanners, corporate internal policy, and training
local staff. You must abstain from installing the suspicious software as
well.
Try www.trojanscan.com from GFI.