I’n running W2K + the latest version of Avast! + Zonealarm
Just stumbled across something interesting. I don’t know where it came from but I suspect its been around on my Pc for some time.
Nrtvaer.exe installed itself in c:\winnt\system32\netvaer.exe along with a program named noview.exe
Made a start up entry in the Registry to run
noview.exe netvaer.exe
netvaer.exe installs itself as a process. which you can’t delete the file without killing the process.
netvaer.exe has even got the cheek to add itself to the add/remove programs panel.
It represents itself with the logo of a very old MIRC release.
Anyway once the beast is running it appears to act as a DCC server.
Point is Avast! didn’t catch it on a full scan.
My machines tend to stay on indefinately and the only reason I caught it was because I have set up a Linux box with IP masquerading. It was when I was setting up the Linux firewall that I saw lots of ports sending packets to some clown at 209.126.191.3 (irc.beerbeerbeer.net).
I think this definately qualifies as a Trojan that Avast should catch.
What say you ?