Network Associates Finds NT Virus, Posts Fix

If you find the words Remote Explorer within the services applet in the Windows NT Control Panel, your network has been infiltrated by what Network Associates Inc. (www.nai.com) claims is the most destructive Windows NT Server virus the company has ever seen. Dubbed Remote Explorer, the virus can cripple data files on a network.

The virus surfaced this past weekend at a Fortune 100 client of Network Associates. It infects Windows client computers at random via its own data file encryption algorithm.

Remote Explorer installs itself onto a Windows NT server, then multiplies without the need for users to open or run it. Remote Explorer attacks EXE, TXT and HTML files. The virus installs itself on a system by creating a copy of itself in the NT Driver directory, calling itself IE403R.SYS.

It also installs itself as a service, and carries a DLL that supports it in the infecting and encryption process. From preliminary analysis, Network Associates claims that Remote Explorer spreads by stealing the security privileges of the domain administrator, which allows it to propagate to other Windows systems. Once there, it infects files and compresses them, in addition to encrypting data on a random basis. Windows NT is the primary method for the continued spread of this virus. Other Windows operating systems can host infected files, but the virus cannot spread further on these platforms.

Thus far, Network Associates has found that the virus is most active on the weekends, and quieter during business hours.

According to Network Associates, it contains 120 kilobytes of binary code written in C, a massive amount of code for a virus; viruses usually require only a few kilobytes.

Network Associates posted a detection and cleaning file at: http://www.nai.com/products/antivirus/remote_explorer.asp

-- Thomas Sullivan, Staff Reporter/Reviews Editor

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
