nt.exe - virus?

My system is plagued with viruses.

I am using 3 different virus programs to try to stop the flood.

Recently I have started using a better firewall, an applications-rule-based firewall inet security program. It seems to be helping.

One thing I have found is a file “nt.exe” in c:\

This file attempts to connect to 81.19.72.10 using port 25 (mail.)

Thus, I am thinking it is a mailer worm.

I can delete the file and it returns. I can’t seem to trace the process causing it to come back.

HELP!

WARNING ATTACHED IS THE FILE IN QUESTION TREAT WITH CARE!!!

It is named nt.txt but is actually a .rar file. I am not sure if this is the place to send such files. If not, somebody inform me and I won’t send them again.

Another problem I am having, which I am thinking is another virus, is I can no longer PASTE in any application. Any thoughts?

Thanks,

David B.

dc,

The nt.txt file is infected. You are more than likely infected with the Hopel virus.

W97M.Hopel.A is a macro virus that infects Microsoft Word documents when you click Open, Close, Save, New, or Exit. This virus has many different payloads that it can execute on Exit.

If an infected document is double-clicked, the virus saves the infected document as C:\Windows\Command\Nt.txt.

Firstly, DO NOT SEND INFECTED FILES AS ATTACHMENTS UNLESS REQUESTED. Thank you.

Secondly, do you have Avast installed on your computer?
If so, did you run a full scan? Avast should detect the macro virus and allow you to remove it. You can also try free online virus scanners such as the one offered by Trend Micro.

The site address you provided returns to Mail Gate. The site is in a foreign language not familiar to me but the use of the word “gate” indicates some sort of mail forwarding service.

Let me know how you progress.

Hi techie,

Where do you get that info about “HOPEL”?
KAV tells me:
TrojanSpy.Win32.Banker.aw (probable variant)

whocares,
Usually, I do a Google search for background and then decide where to swing over for detailed information and recovery instructions. This time Sophos won.

Since there are many viri that fit the bill here, it is up to the researcher to make the shoe fit. ;D

I do not believe it to be Banker, since Banker alters the dll file and inserts Hooker into the Windows folder which DC did not mention. I went with Hopel because of the nt.txt notation in C:.

DC did not provide much information upon which to base an exact diagnosis or identification.
My choice is purely speculative at this point.

DC,
Can you run a dll search in the Windows folder and look for a hooker.dll file? This would clear up the matter of the Banker virus.