Microsoft Executable in Transit Detection
Critical Nessus Network Monitor Plugin ID 5701
SynopsisThe remote host may be compromised
DescriptionThis service appears to send a Microsoft Windows executable when a connection to it is established. This may be evidence of some malware which are known to propagate in this manner. There is not a file name associated with this executable. That is, the client created a TCP/IP connection to the host, at which time the host sent an executable back to the client. The PVS has determined that this is an Microsoft executable based upon the format of the binary.
SolutionCheck the host and disinfect / reinstall it if necessary.