Can someone tell me if this is hackers or win98 just logging info.
This is some copy paste from my PWS logs.

xx.xx.xx.xx - - [18/Sep/2001:09:29:17 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 604
xx.xx.xxx.xxx - - [18/Sep/2001:09:29:18 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 604
xx.xx.xxx.xxx - - [18/Sep/2001:09:29:20 -0600] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HT

most of hte time just my web pages show up in the logs then I have been getting lots of these.
I am runnign ZA.
Thanks
bowtye

are you running IIS cause that is url exploit code ...... could be code red in the first two ... the third is a unicode exploit.

yep running win98se pws 3.0 or 4.0 .

have not really been following the code red.
Can you give a brief explaination??

I may have heard I am supposed to download a patch??

Thanks
bowtye

you might have the nimda virus,
link (http://www.cert.org/advisories/CA-2001-26.html)

Toby,
Thanks for the link. Yep seems that nimda was trying to attack my compuer. I shut down PWS this morning. I will scan all files.
I never did get the code red virus which this nimda works off of, so I should safe.