Network Associates Finds NT Virus, Posts Fix

If you find the words Remote Explorer within the Services applet in the Windows NT Control Panel, your network has been infiltrated by what Network Associates Inc. claims is the most destructive Windows NT Server virus the company has ever seen. Dubbed Remote Explorer, the virus can cripple data files on a network.

The virus surfaced this past weekend at a Fortune 100 client of Network Associates. It infects Windows client computers at random via its own data file encryption algorithm.

Remote Explorer installs itself onto a Windows NT server, then multiplies without the need for users to open or run it. Remote Explorer attacks EXE, TXT and HTML files. The virus installs itself on a system by creating a copy of itself, named IE403R.SYS, in the NT Driver directory.

It also installs itself as a service, and carries a DLL that supports it in the infecting and encryption process. From preliminary analysis, Network Associates claims that Remote Explorer spreads by stealing the security privileges of the domain administrator, which allows it to propagate to other Windows systems. Once there, it infects files and compresses them in addition to encrypting data on a random basis. Windows NT is the primary method for the continued spread of this virus. Other Windows operating systems can host infected files, but the virus cannot spread further on these platforms.
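The two host indicators described above (a service showing the words Remote Explorer, and a file named IE403R.SYS in the driver directory) can be checked against data already collected from a machine. The following is an added example, not code from the article or from Network Associates; it assumes the service inventory was saved as `sc query`-style text and that the "NT Driver directory" is `System32\drivers`, and the function names and sample data are hypothetical.

```python
"""Triage collected host data for the two Remote Explorer indicators (added example)."""
import ntpath
import re

SERVICE_MARKER = "remote explorer"  # words the article says appear in the Services applet
# Assumption: the "NT Driver directory" is <SystemRoot>\System32\drivers.
DRIVER_PATH_SUFFIX = r"\system32\drivers\ie403r.sys"

def parse_sc_query(text):
    """Parse `sc query`-style output into one {FIELD: value} dict per service."""
    services = []
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z0-9_]+)\s*:\s*(.*)", line)
        if m and m.group(1) == "SERVICE_NAME":
            services.append({})  # each SERVICE_NAME line starts a new record
        if m and services:
            services[-1][m.group(1)] = m.group(2).strip()
    return services

def find_indicators(sc_text, file_paths):
    """Return (indicator, detail) findings; an empty list means no match."""
    findings = []
    for svc in parse_sc_query(sc_text):
        names = (svc.get("SERVICE_NAME", ""), svc.get("DISPLAY_NAME", ""))
        if any(SERVICE_MARKER in n.lower() for n in names):
            findings.append(("service", svc.get("DISPLAY_NAME") or svc["SERVICE_NAME"]))
    for path in file_paths:
        # NT file names are case-insensitive; normalise separators and case first.
        if ntpath.normpath(path).lower().endswith(DRIVER_PATH_SUFFIX):
            findings.append(("driver_file", path))
    return findings

# Constructed sample data. The service's short name is not given in the
# article, so a placeholder is used; only the display name is from the page.
SAMPLE_SC = """\
SERVICE_NAME: Spooler
DISPLAY_NAME: Spooler
        STATE              : 4  RUNNING

SERVICE_NAME: SVC_PLACEHOLDER
DISPLAY_NAME: Remote Explorer
        STATE              : 4  RUNNING
"""
SAMPLE_FILES = [r"C:\WINNT\System32\drivers\IE403R.SYS",
                r"C:\WINNT\System32\drivers\atapi.sys", r"D:\backup\ie403r.sys"]

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_SC, SAMPLE_FILES):
        print(finding)
```

A file with the same name outside the assumed driver directory is deliberately not reported, because the article names only that location.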

Thus far, Network Associates has found that the virus is most active on the weekends, and quieter during business hours.

According to Network Associates, it contains 120 kilobytes of binary code written in C, a massive amount of code for a virus; viruses usually require only a few kilobytes.

Network Associates posted a detection and cleaning file at:

Thomas Sullivan, Staff Reporter/Reviews Editor

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

