MSLV.exe

From: Rob Keown (Keownat_private)
Date: Wed Nov 21 2001 - 14:58:10 PST

Next message: Pascal Nobus: "Re: Questions = Thanks"

Previous message: Ihsahn Diablo: "RE: Questions = Thanks"
Next in thread: Rob Keown: "RE: MSLV.exe"
Reply: Rob Keown: "RE: MSLV.exe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am in heads down mode investigating an infection. The culprit is a file in
root of c: of an NT4 SP6 machine supposedly patched IIS.

MSLV.exe is in the root and contains Nimda-like exploit strings.

Don't have time to go into detail. Can't find reference to mslv.exe
anywhere.

Anyone know of this?

Rob Keown

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Pascal Nobus: "Re: Questions = Thanks"
Previous message: Ihsahn Diablo: "RE: Questions = Thanks"
Next in thread: Rob Keown: "RE: MSLV.exe"
Reply: Rob Keown: "RE: MSLV.exe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Nov 21 2001 - 15:18:56 PST