Infected files in WINNT

G

Guest

I have just run a McAfee scan that found several IRC/Flood infections that Norton Antivirus has consistently missed. I cannot find any information about them or whether and how to remove the files that are infected. In WINNT\System 32, the files are G1R\fgr.bat, G1R\man.bat, H0ll\n.bat, H0ll\q.bat, moo.dat. In WINNT\winweb, the files are abc.dll and lsass.exe. I understand that lsass.exe is a legitimate and required program, but would appreciate any information about the others and what to do about them.
 
R

Robert Moir

Robert said:
I have just run a McAfee scan that found several IRC/Flood infections
that Norton Antivirus has consistently missed. I cannot find any
information about them or whether and how to remove the files that
are infected. In WINNT\System 32, the files are G1R\fgr.bat,
G1R\man.bat, H0ll\n.bat, H0ll\q.bat, moo.dat. In WINNT\winweb, the
files are abc.dll and lsass.exe. I understand that lsass.exe is a
legitimate and required program, but would appreciate any information
about the others and what to do about them.
Click to expand...

Not to be funny but if McAfee can identify them, it can probably provide
instructions and help for removing them. Have you checked their website?

If this is an internet facing server then i'd worry that you've been hacked.
I'd strongly suggest disconnecting from both the internet and any internal
network and proceeding very cautiously.


--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.
 
T

Tim

In addition.

You seem to be concerned about affecting windows required files.

All the .bat files should be (obviously) deleted outright.
There is an lsass file that is an essential part of windows, but it does not
live in the winweb folder - I have never heard of this folder before, so any
action on any files on this folder should be 'safe'.

As Robert says follow mcafee's advice and given a choice I would delete
them.

If in doubt, research the virs by name using google and read up about how
the infection manifests itself, and what the clean actions should be.

-Tim
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Win2000Pro. Viruses & Removal of Infected System Files. 9
Multiple Infected EMails 4
R.com, T.com, Regedit.com, taskmgr.com in Winnt directory - what are these files? 6
Windows 7 Difference in "size on disc" between files and copied files - a problem? 3
Inaccessible fonts in my C:\WINNT\Fonts folder 1
Viruses and infected files 1
Backdoor.mIRC-based question 3
Need Files that were infected 1

Top