Did you run your check from the live WinNT4 OS (i.e. did you let the
server boot itself)?
Or did you boot it from a clean and safe OS with NTFS access to your
suspicious drive?
Many viruses and worms use rootkits to hide, and they will not be
caught by AVs if you boot from the infected OS.
On 5 Aug 2005 at 10:41, Billy wrote:
> Hi all!
>
> We have a WinNT4 server that is running DNS for our WAN.
> Lately, it seems that our users who are browsing are being redirected
> elsewhere.
> A preliminary check of the system using Norton AV 2003 (fully-updated, of
> course) revealed no infections, but a scan with ClamAV (20050725, also
> fully-updated) reported the presence of "Exploit.HTML.MHTRedir-8" infection
> in our DNS server's pagefile.sys.
>
> A Google search about "Exploit.HTML.MHTRedir-8" showed only 4 links, none
> of which said anything much about the infection, except that it was first
> reported on July 26, 2005. It must indeed be a new virus/trojan.
>
> Does anyone else have more useful info about "Exploit.HTML.MHTRedir-8"? As
> in what it really does?
>
> Thanks in advance!
>
>
--
Simon Borduas, CISSP
Chief Security Officer / Chef de la sécurité
HyperTec Group / Groupe HyperTec
Tel: (514) 745.4540 x 5740
Fax: (514) 745.0937
http://www.hypertec-group.com