UVMRESNET Archives

January 2007

UVMRESNET@LIST.UVM.EDU

Subject:
From: Greg Miller <[log in to unmask]>
Reply To: Resnet Forum <[log in to unmask]>
Date: Thu, 18 Jan 2007 14:48:55 -0500
Content-Type: text/plain
Parts/Attachments: text/plain (57 lines)

A laptop was brought to me this morning with complaints of Symantec AV
giving errors. The error was that it had found a virus. The virus is
being classified as a Trojan, and is named virtualdns.dll, located in
the \windows\ directory. Perhaps this is a related issue; however, we
have not noticed any rogue DNS activity.

Greg Miller
ResNet Technician
University of Pittsburgh Bradford


-----Original Message-----
From: Resnet Forum [mailto:[log in to unmask]] On Behalf Of Bill Davis
Sent: Thursday, January 18, 2007 11:03 AM
To: [log in to unmask]
Subject: DNS server detected on XP systems

While tracking down a rogue DHCP server, we noticed there were a number
of users whose systems were acting as DNS forwarding servers.  These
systems were all XP flavors and to my knowledge should not even have DNS
server capability.

We have run full AV/AS scans and found nothing.  Only one of about 25 so
far identified with these DNS servers was actually rooted to the best of
our knowledge.  At this point, my only recommendation to the users is to
rebuild their systems.

Has anyone else come across this problem and found evidence of an
infection or other reason why a DNS server would be running on an XP
system?

-Bill
Bill Davis
Network Security Administrator
Housing Technology Services
Colorado State University
[log in to unmask]

___________________________________________________
You are subscribed to the ResNet-L mailing list.

To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
