IIS Logfile

Jeremey · Jul 17, 2003

I know most of this is from the net trying to infect my computer, but the very bottom of my log file has these weird characters. My system is completely up to date and everything is current. I use Norton Antivirus 8.07.17C with the most current Virus Definitions. I run WINXP and IIS 5.1. I just don't understand why this garbled ASCII is at the end, and stays at the end of the logfile. Any new log entry is posted right above it, and it pushes the multi-character text down. There is a lot more of that text that I have provided, 17,358 characters to be exact. Any ideas?

#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2003-07-18 01:04:11
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status time-taken cs-version cs-host cs(User-Agent) cs(Referer)
2003-07-18 01:04:11 4.35.184.33 GET /scripts/root.exe /c+dir 404 3 516 HTTP/1.0

http://www -

-
2003-07-18 01:04:13 4.35.184.33 GET /MSADC/root.exe /c+dir 404 3 16 HTTP/1.0

http://www -

-
2003-07-18 01:04:17 4.35.184.33 GET /c/winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:19 4.35.184.33 GET /d/winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:21 4.35.184.33 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:23 4.35.184.33 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:26 4.35.184.33 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:29 4.35.184.33 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir 404 3 15 HTTP/1.0

http://www -

-
2003-07-18 01:04:32 4.35.184.33 GET /scripts/..Á../winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:34 4.35.184.33 GET /scripts/winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:37 4.35.184.33 GET /winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:40 4.35.184.33 GET /winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:42 4.35.184.33 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:43 4.35.184.33 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:43 4.35.184.33 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:04:45 4.35.184.33 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 404 3 0 HTTP/1.0

http://www -

-
2003-07-18 01:32:33 4.35.26.127 GET /index.htm - 200 0 812 HTTP/1.1

http://www.jeremey.net

Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+DigExt) -
2003-07-18 01:32:33 4.35.26.127 GET /menu.htm - 200 0 16 HTTP/1.1

http://www.jeremey.net

Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+DigExt) -
PšŠ([‰Fê‰VìÿvøÿvúŠFü*äPÿvÿvš)(ƒÄ
‰Fî‰VðFêVì‰Fò‰VôRPÿvøÿvúŠNü*íQÿvÿv‹ð‹úšj)(ƒÄj j ÿvðÿvîÿvìÿvêŠFü*äPÿvÿvšÌpƒÄj j ÿvðÿvîÿvìÿvêŠFü*äPÿvÿvš4péAFöPFøPFúPFüPŠFþPŠF
Pÿvÿvš(ƒÄöF
uŠFü*äPÿvÿvšp*(ƒÄë5öF
uÿvÿvšØ(ƒÄ*ä‰FêÇFì ëÿvÿvšØ(ƒÄPšŠ([‰Fê‰VìÿvøÿvúŠFü*äPÿvÿvš)(ƒÄ
‰Fî‰VðFêVì‰Fò‰VôRPÿvøÿvúŠNü*íQÿvÿv‹ð‹úšj)(ƒÄWVŠFü*äPÿvÿvš$pƒÄ
WVŠFü*äPÿvÿvšjpé†FöPFøPFúPFüPŠFþPŠF
Pÿvÿvš(ƒÄöF
uŠFü*äPÿvÿvšp*(ƒÄë5öF
uÿvÿvšØ(ƒÄ*ä‰FêÇFì ëÿvÿvšØ(ƒÄPšŠ([‰Fê‰VìÿvøÿvúŠFü*äPÿvÿvš)(ƒÄ
‰Fî‰VðÄ^&ŠG3% +ÒFêVìFîVð‰Fò‰VôRPÿvøÿvúŠFü*äPSšj)(ƒÄÄ^&ŠG3% j PÿvðÿvîÿvìÿvêŠFü*äPSšÌpƒÄÄ^&ŠG3% j PÿvðÿvîÿvìÿvêŠFü*äPSš4pƒÄÿvôÿvòŠFü*äPÿvÿvš$pƒÄ
ÿvôÿvòŠFü*äPÿvÿvšjpƒÄ
ÿvôÿvòéFöPFøPFúPFüPŠFþPŠF
Pÿvÿvš(ƒÄöF
uŠFü*äPÿvÿvšp*(ƒÄë5öF
uÿvÿvšØ(ƒÄ*ä‰FêÇFì ëÿvÿvšØ(ƒÄPšŠ([‰Fê‰VìÿvøÿvúŠFü*äPÿvÿvš)(ƒÄ
‰Fî‰VðÄ^&ŠO3ƒá+ÁƒÚ +FêVì‰Fò‰VôRPÿvøÿvúŠFü*äPSšj)(ƒÄÄ^&ŠG3% j PÿvìÿvêÿvðÿvîŠFü*äPSš(pƒÄÄ^&ŠG3% j PÿvìÿvêÿvðÿvîŠFü*äPSš¬péšþFöPFøPFúPFüPŠFþPŠF
Pÿvÿvš(ƒÄöF
uŠFü*äPÿvÿvšp*(ƒÄë5öF
uÿvÿvšØ(ƒÄ*ä‰FêÇFì ëÿvÿvšØ(ƒÄPšŠ([‰Fê‰VìÿvøÿvúŠFü*äPÿvÿvš)(ƒÄ
‰Fî‰Vð#Fê#VìéFöPFøPFúPFüPŠFþPŠF
Pÿvÿvš(ƒÄöF
uŠFü*äPÿvÿvšp*(ƒÄë5öF
uÿvÿvšØ(ƒÄ*ä‰FêÇFì ëÿvÿvšØ(ƒÄPšŠ([‰Fê‰VìÿvøÿvúŠFü*äPÿvÿvš)(ƒÄ
‰Fî‰Vð+FêVì‰Fò‰VôRPÿvøÿvúŠNü*íQÿvÿv‹ð‹úšj)(ƒÄj j ÿvìÿvêÿvðÿvîŠFü*äPÿvÿvš(pƒÄj j ÿvìÿvêÿvðÿvîŠFü*äPÿvÿvš¬pƒÄWVŠFü*äPÿvÿvš$pƒÄ
WVŠFü*äPÿvÿvšjpƒÄ
WVŠFü*äPÿvÿvš°pƒÄ
éÈFöPFøPFúPFüPŠFþPŠF
Pÿvÿvš(ƒÄöF
uŠFü*äPÿvÿvšp*(ƒÄë5öF
uÿvÿvšØ(ƒÄ*ä‰FêÇFì ëÿvÿvšØ(ƒÄPšŠ([‰Fê‰VìÿvøÿvúŠFü*äPÿvÿvš)(ƒÄ
‰Fî‰Vð3Fê3Vì‰Fò‰VôRPÿvøÿvúŠNü*íQÿvÿv‹ð‹úšj)(ƒÄWVŠFü*äPÿvÿvšjpƒÄ
WVŠFü*äPÿvÿvš$pƒÄ
WVŠFü*äPÿvÿvš°pƒÄ
Ä^&g2þþéFöPFøPFúPFüPŠFþPŠF
Pÿvÿvš(ƒÄöF
uŠFü*äPÿvÿvšp*(ƒÄë5öF
uÿvÿvšØ(ƒÄ*ä‰FêÇFì ëÿvÿvšØ(ƒÄPšŠ([‰Fê‰VìÿvøÿvúŠFü*äPÿvÿvš)(ƒÄ
‰Fî‰Vð+FêVì‰Fò‰Vôj j ÿvìÿvêÿvðÿvîŠNü*íQÿvÿv‹ð‹úš(pƒÄj j ÿvìÿvêÿvðÿvîŠFü*äPÿvÿvš¬pƒÄWVŠFü*äPÿvÿvš$pƒÄ
WVŠFü*äPÿvÿvšjpƒÄ
WVŠFü*äPÿvÿvš°pƒÄ
öF
u*öFütŠFêPÿvø‹F‹V-¥>RPš¸ ƒÄëJŠFêPjëãöFütÿvêÿvøëÿvêj‹F‹V-¥>RPšh ëÎ= wÀ“.ÿ§=çüõ[+… ^_ÉËÈ öF
uÇFþ ëÄ^&€E tÇFþ ëÇFþ j ÿvþÿvÿvšÐ)(ƒÄ‰Fö‰Vøÿvþÿvÿvšp*(ƒÄ‰Fò‰VôÄ^&ŠG3% +ÒFòVôFöVø‰Fú‰VüRPj ÿvþSš*(ƒÄÄ^&ŠG3% j PÿvøÿvöÿvôÿvòÿvþSšÌpƒÄÄ^&ŠG3% j PÿvøÿvöÿvôÿvòÿvþSš4pƒÄÿvüÿvúÿvþÿvÿvš$pƒÄ
ÿvüÿvúÿvþÿvÿvšjpƒÄ
ÿvüÿvúÿvþÿvÿvš°pÉËÈ NöQVøRVúRVüRÿvÿvšØ(ƒÄˆFþPŠF
Pÿvÿvš(ƒÄÿvöŠFü*äPÿvÿvšÐ)(ƒÄ‰Fî‰VðÿvøÿvúŠFü*äPÿvÿvš)(ƒÄ
‰Fò‰VôFîVð‰Fê‰VìöF
uRPÿvøÿvúŠFü*äPÿvÿvšj)(ƒÄëRPÿvöŠFü*äPÿvÿvš*(ƒÄj j ÿvðÿvîÿvôÿvòŠFü*äPÿvÿvšÌpƒÄj j ÿvðÿvîÿvôÿvòŠFü*äPÿvÿvš4pƒÄÿvìÿvêŠFü*äPÿvÿvš$pƒÄ
ÿvìÿvêŠFü*äPÿvÿvšjpƒÄ
ÿvìÿvêŠFü*äPÿvÿvš°pÉËÈ WVöF
uÇFò ëÄ^&€E tÇFò ëÇFò j ÿvòÿvÿvšÐ)(ƒÄ‰Fø‰Vúÿvòÿvÿvšp*(ƒÄ‰Fô‰VöFøVúRPj ÿvòÿvÿv‹ð‹úš*(ƒÄj j ÿvúÿvøÿvöÿvôÿvòÿvÿvšÌpƒÄj j ÿvúÿvøÿvöÿvôÿvòÿvÿvš4pƒÄWVÿvòÿvÿvš$pƒÄ
WVÿvòÿvÿvšjpƒÄ
WVÿvòÿvÿv

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

IIS Logfile

Jeremey

Programmer

Similar threads

Part and Inventory Search

Sponsor