What was this script kiddie up to?

Status
Not open for further replies.

spencertaylor

Programmer
Jul 16, 2001
63
GB
Can anyone shed any light on this for me? The numbers after the 'URL' they were attempting to get to are the number of seconds they tried this.

Visitor 62.30.181.157 came at 09/05/2002 21:39:30with agent from and visited pages:
/scripts/root.exe 9.00
/MSADC/root.exe 0.00
/c/winnt/system32/cmd.exe 2.00
/d/winnt/system32/cmd.exe 1.00
/scripts/..%5c../winnt/system32/cmd.exe 0.00
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 2.00
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 0.00
/msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe 1.00
/scripts/..Á ../winnt/system32/cmd.exe 0.00
/scripts/winnt/system32/cmd.exe 1.00
/winnt/system32/cmd.exe 5.00
/scripts/..%2f../winnt/system32/cmd.exe 0.00

Visitor 62.30.181.157 came at 09/05/2002 22:54:31with agent from and visited pages:
/scripts/root.exe 0.00
/MSADC/root.exe 1.00
/c/winnt/system32/cmd.exe 0.00
/d/winnt/system32/cmd.exe 2.00
/scripts/..%5c../winnt/system32/cmd.exe 1.00
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 0.00
 
This appears to be an attempt to access the backdoor trojan that is left behind by the Code Red II virus. If this root.exe file actually exists in your scripts directory I would recommend scanning this server for viruses immediately.
 
I'm clear of that file and thanks for your reply.

Most appreciated.
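
One way to triage log lines like the ones in this thread, as an added example that is not part of the original posts: it normalizes each requested path and sorts it into probe categories. The category names and the `/index.html` line are assumptions made for the example, and the decoder also handles double percent-encoding, which the log above does not show.

```python
from collections import Counter
from urllib.parse import unquote

# Request lines copied from the log in the thread; /index.html is a
# constructed benign line added for contrast.
SAMPLE_LOG = """\
/scripts/root.exe 9.00
/MSADC/root.exe 0.00
/c/winnt/system32/cmd.exe 2.00
/scripts/..%5c../winnt/system32/cmd.exe 0.00
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 2.00
/scripts/..Á ../winnt/system32/cmd.exe 0.00
/scripts/..%2f../winnt/system32/cmd.exe 0.00
/index.html 3.00
"""

def normalize(path, max_rounds=3):
    """Percent-decode until stable, unify slashes, lowercase."""
    for _ in range(max_rounds):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def classify(path):
    """Return a category label (names are this example's own)."""
    norm = normalize(path)
    segments = norm.split("/")
    if segments[-1] == "root.exe":
        return "backdoor-probe"   # the file the reply says to look for
    if any(".." in seg for seg in segments):
        return "traversal"        # encoded or garbled parent-directory hops
    if segments[-1] == "cmd.exe":
        return "direct-cmd"       # shell requested without traversal
    return "other"

def summarize(log_text):
    """Count categories over 'path seconds' lines; the path may contain spaces."""
    counts = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line.rsplit(None, 1)[0]  # drop the trailing seconds column
            counts[classify(path)] += 1
    return counts

if __name__ == "__main__":
    for label, n in summarize(SAMPLE_LOG).most_common():
        print(f"{label}: {n}")
```
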