Network Associates Finds NT Virus, Posts Fix

If you find the words Remote Explorer within the services applet in the Windows NT Control Panel, your network has been infiltrated by what Network Associates Inc. ( claims is the most destructive Windows NT Server virus the company has ever seen. Dubbed Remote Explorer, the virus can cripple data files on a network.

The virus surfaced this past weekend at a Fortune 100 client of Network Associates. It infects Windows client computers at random via its own data file encryption algorithm.

Remote Explorer installs itself onto a Windows NT server, then multiplies without the need for users to open or run it. Remote Explorer attacks EXE, TXT and HTML files. The virus installs itself on a system by creating a copy of itself in the NT Driver directory and calls itself IE403R.SYS.

It also installs itself as a service, and carries a DLL that supports it in the infecting and encryption process. From preliminary analysis Network Associates claims that Remote Explorer spreads by stealing the security privileges of the domain administrator, which allows it to propagate to other Windows systems. Once there it infects files and compresses them in addition to encrypting data on a random basis. Windows NT is the primary method for the continued spread of this virus. Other Windows operating systems can host infected files, but the virus can not spread further on these platforms.

Thus far, Network Associates has found that the virus is most active on the weekends, and quieter during business hours.

According to Network Associates' it contains 120 kilobytes of binary code written in C, a massive amount of code for a virus, which are usually require only a few kilobytes.

Network Associates’ posted a detection and cleaning file at: Thomas Sullivan, Staff Reporter/Reviews Editor

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • Report: IT Budgets To Increase Despite Slowdown in Hiring

    A newly published annual report found that 51 percent of IT departments are planning to increase their IT spending next year, even in the face of a possible recession.

  • Microsoft Bolsters 'Employee Experience' with Latest Viva Apps

    Microsoft's Viva suite is getting new apps and enhancements, according to an announcement made on Thursday.

  • Microsoft Releases Windows 11 Version 22H2

    The latest version of Windows 11, known as "version 22H2," officially has been released.