Re: Need help with NTAP32SMS.EXE- Mission Critical. new Virus?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/27/05


Date: Wed, 27 Apr 2005 12:36:00 -0500

First make sure that your antivirus software has been updated as of this
morning. It may also help to do a scan in safe mode. If problems persist
contact your antivirus vendor [phone, email] and give them the same
information that you posted here.

There are free tools from SysInternals such as Process Explorer, TCPView,
Autoruns, and Rootkit Revealer that can help you analyze what is going on.
Trend Micro has a tool called Sysclean that you may want to try. Download
Sysclean and the current pattern file to a common folder, unzip the pattern
file, and execute Sysclean. It will scan for and remove many common
malwares. Also review your security policy to see what weaknesses exist that
can be closed to minimize chance of reoccurrence and always scan ALL your
emails with your antivirus. Using MBSA is a good start to analyze your
computers for security vulnerabilities. --- Steve

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml --- Process Explorer and link to SysInternals
http://www.trendmicro.com/download/dcs.asp --- Sysclean
http://www.trendmicro.com/download/pattern.asp --- pattern file current as of today
http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA

"Craig N" <Craig N@discussions.microsoft.com> wrote in message
news:9BD86A98-F41A-417A-8E9A-40809D6CD733@microsoft.com...
> I have a virus hosing one of my critical servers, and it had also nailed my
> laptop. Symptoms are 99% processor usage, and loss of internet connectivity.
> I was able to remove it from my laptop, which has XP SP2, and all the security
> updates, along with Norton AV. Now a server appears to be infected, and it is
> a 2000 server with McAfee. At first, McAfee was taxing the processor at
> 99%, stuck in a starting mode, and this morning found that ntap32sms.exe was
> running on it.
>
> I can't find ANYTHING regarding this process, except I can google ntap32.exe
> and get back trojan info. AV won't pick it up, so I assume this is new. Does
> anyone have any info on this?
>
> Also, picking processes called msdirectx.sys, and nviload32.


