Problem solve Get help with specific problems with your technologies, process and projects.

My IIS log files show traces of a Nimda-like virus. Am I still infected?

My IIS log files show traces of a Nimda like virus: GET /scripts/%5 etc. I have the current patches installed and...

my virus protection is up-to-date. I have even run the fix tools for Nimda and Code Red. Still the entries in the log files appear. Can you help me get rid of these? These requests are normal, and occur regardless of whether you are vulnerable. In fact, you'll see those requests even if your Web server is running Linux and Apache. So, there's no reason to be alarmed. I still see about 1200 attacks per day on my personal Web server. Attacks on my Web site can be viewed here, if you're curious:


One way to secure your site *and* remove the requests from the log is to install Microsoft's URLScan utility, available here:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32571 I highly recommend installing URLScan--it's an excellent way to prevent infection by future worms and viruses.

This was last published in October 2001

Dig Deeper on Windows Operating System Management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.