-
October 1st, 2003, 06:09 PM
#1
Desktop DNS settings suspiciously changed pointing to Internet sites
Someone reported in NTBugtraq that the DNS server settings on their desktops are getting changed to point to 2 IP addresses on the Internet (216.127.92.38 and 69.51.146.14).
It has affected W2K Pro workstations and Registry entries have been added/changed. One interesting one is:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\windows]
"r0x"="your s0x"
Has anyone else seen this? I'm concerned...ok maybe paranoid (call me that if you want)...that this maybe a new worm/virus.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|