
| Subject: | Re: Does anyone know much about "Exploit.HTML.MHTRedir-8"? |
|---|---|
| Date: | Fri, 05 Aug 2005 10:30:47 -0400 |

Do you run your check from the live WinNT4 OS (i.e., did you let the server boot itself)? Or did you boot it from a clean and safe OS with NTFS access to your suspicious drive? Many viruses and worms use rootkits to hide, and they will not be caught by AVs if you boot from the infected OS.

On 5 Aug 2005 at 10:41, Billy wrote:

Hi all! We have a WinNT4 server that is running DNS for our WAN. Lately, it seems that our users who are browsing are being redirected elsewhere. A preliminary check of the system using Norton AV 2003 (fully-updated, of course) revealed no infections, but a scan with ClamAV (20050725, also fully-updated) reported the presence of "Exploit.HTML.MHTRedir-8" infection in our DNS server's pagefile.sys. A Google search about "Exploit.HTML.MHTRedir-8" showed only 4 links, none of which said anything much about the infection, except that it was first reported on July 26, 2005. It must indeed be a new virus/trojan. Does anyone else have more useful info about "Exploit.HTML.MHTRedir-8"? As in what it really does? Thanks in advance!

--
Simon Borduas, CISSP
Chief Security Officer / Chef de la sécurité
HyperTec Group / Groupe HyperTec
Tel: (514) 745.4540 x 5740
Fax: (514) 745.0937
http://www.hypertec-group.com