
Cementman

join:2004-04-18
NTFS16.EXE

Has anybody heard of this? It has strangely started to show up when I start up my comp. I hope this is the right thread for this question. Is there a way to remove this? My virus scanners pick up nothing??


Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
ntfs16.exe is commonly associated with a worm infection:

»www.sophos.com/virusinfo/analyse···tly.html


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to Cementman
And it's very nasty too. You should consider that your computer may have been compromised and you should take all precautions to protect your accounts. I would not even trust a PC that had a backdoor installed on it...best recommendation - back up your data and reformat/reinstall to be sure. I'm not sure the virus scanners will undo the damage this one can do:

W32/Rbot-LY
Type

* Spyware Worm

How it spreads

* Network shares

Affected operating systems

* Windows

Side effects

* Allows others to access the computer
* Steals information
* Reduces system security
* Records keystrokes
* Installs itself in the Registry
* Exploits system or software vulnerabilities

W32/Rbot-LY spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-LY can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-LY can be used to:

* start a proxy server
* create screen/webcam captures
* enable remote login (rlogin)
* log keystrokes on the infected computer
* filesystem manipulation
* start/stop system services
* take part in denial of service attacks (DoS)
* send email

Patches for the operating system vulnerabilities exploited by W32/Rbot-LK can be obtained from Microsoft at:

»www.microsoft.com/technet/securi···011.mspx
»www.microsoft.com/technet/securi···039.mspx
»www.microsoft.com/technet/securi···007.mspx
»www.microsoft.com/technet/securi···059.mspx

This is our standard response, but I'm not sure cleaning alone will assure you that PC is safe.
»Security »I think my computer is infected or hijacked. What should I do?
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals)


Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH

Not that she needs backing up at all, from the likes of me especially; but I 100% agree with CalamityJane, upon looking further into W32/RBot-LY, that you would by far be best to carefully back up important data (I say 'carefully', because you want to avoid carrying over anything that might cause you to get re-infected later), and format that puppy and start over.

Unfortunately, once this sort of thing gets on there, you often have no idea what other sorts of nasties could have been planted. I don't like crying that the sky is falling; but this is definitely a risk for the sort of thing that can make one fall victim to identity theft, and the like.

Always sorry to be one helping to deliver bad news.
--
I am the sole arbiter of what is important enough to spend my time on - not anyone else here, or anywhere else. You take care of yourself, and leave me to me, got it?
over 10 years online! © 1999-2009 dslreports.com.