Test ID:	1.3.6.1.4.1.25623.1.0.10713
Category:	Malware
Title:	Code Red X Worm Detection - Active Check
Summary:	Your machine is infected with the 'Code Red' worm. Your Windows system seems to be compromised.
Description:	Summary: Your machine is infected with the 'Code Red' worm. Your Windows system seems to be compromised. Solution: 1) Remove the file root.exe from both directories: \inetpub\scripts and \program files\common files\system\msadc 2) Install an updated antivirus program (this will remove the Explorer.exe Trojan) 3) Set SFCDisable in hklm\software\microsoft\windows nt\currentversion\winlogon to: 0 4) Remove the two newly created virtual directories: C and D (Created by the Trojan) 5) Make sure no other files have been modified. It is recommended that hosts that have been compromised by Code Red X would reinstall the operating system from scratch and patch it accordingly. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2001-0500 BugTraq ID: 2880 http://www.securityfocus.com/bid/2880 Bugtraq: 20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access) (Google Search) http://www.securityfocus.com/archive/1/191873 http://www.cert.org/advisories/CA-2001-13.html Computer Incident Advisory Center Bulletin: L-098 http://www.ciac.org/ciac/bulletins/l-098.shtml Microsoft Security Bulletin: MS01-033 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197 http://www.iss.net/security_center/static/6705.php
Copyright	Copyright (C) 2001 SecuriTeam

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.