|
|
Detect and remove hidden rootkits using
UnHackMe
RegRun Security Suite = 24 system utilities for protecting your computer. Try now! |
 NDRIVES32.EXE - Dangerous
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels. It spreads to network shares with weak passwords and via network security exploits as a result of the backdoor Trojan element. Copies itself to the Windows system folder as NDRIVES32.EXE. Creates entries at the following locations in the registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices HKCU\Software\Microsoft\Windows\CurrentVersion\Run W32/Rbot-DK may set the following registry entries: HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = "N" HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = "1" Also, may try to delete the C$, D$, E$, IPC$ and ADMIN$ network shares on the host computer. Drops 3 files to the current folder called EXPIORER.EXE, ADMDLL.DLL and RADDRV.DLL, all of which appear to be legitimate remote server applications. Use RegRun Startup Optimizer to remove this worm from startup. Removal: NDRIVES32.EXE is removed by RegRun.
Read more... Removal instructions...
Recommended software: RegRun Security Suite - removal and protection. http://www.regrun.com RegRun Reanimator - free removal tool. greatis.com/reanimator
What is hidden in MSDN? Why software developers prefer Win32.FreeTechSecrets.com? All Unix Manuals in Alphabetical Order C# controls for .NET in 3 simple steps. Constantly updated. Last update: May 12 2008
Interesting information about Vista programs... Need consultation? Would you like to add your opinion?
|
|
