backdoor.montp virus

Norton picked up saying that I had a virus a couple days ago, but after I restarted my computer it didn't find it. But was there anything else that downloaded with it. I read somewhere that if you had that virus it goes in to a folder called lslt and it it in the system32 folder. I looked at it and it has a whole bunch of my information. Is it safe or do I need to delete it. Thanks.

 

I couldn't find anything on this virus on Symantec's site.

 

Discovered on the 10th april. Catagory 1. It doesn't sound to serious, but I haven't really had a good look. http://securityresponse.symantec.com/avcenter/defs.added.html

 

Saw that listing but missed that entry. Now I see it.

Thanks xgerryx.

 

Okay well this is what someone said about it so I don't know.

The problem is that backdoor.montp brings that executable with it, the executable does indeed change its name each time you boot. And if it is the same executable that came with it on my machine, it harvested all your PTR passwords and user names along with most every other website user name and password you have and put them into a text file in windows/system32/lslt and then transmitted it to somebody in the background over the internet connection.

My Norton firewall caught it trying to transmit and shut down the transmission.

You can only find the folder in system32 in safe mode, the executable cloaks it in normal mode from all attempts to find it. When in safe mode, check system32 for that folder and open it. There will be a text file there, open it and see what it says.

It also writes it startup to system restore so I would advise disabling that while you are cleaning it. One of my spyware/trojan killers found evidence of it still there even after cleaning. Got rid of that too.

Again, backdoor.montp simply seems to be the entry point for the trojan that comes with it. That trojan is bad news and seems specifically intended to harvest ptr user names and passwords, probably for hijacking peoples accounts.

If you don't have a firewall or it was not set to stop outbound transmissions such as this you had better change all your passwords.

THIS THING IS BAD NEWS. Nortan seems clueless as to what it is really capable of or that it brings this cargo with it. When Nortan scans in safe mode it will actually report that it is the trojan exe that is infected with backdoor.montp.

What my concern is though also is about the lslt folder that is holding a lot of person information on it. I don't know if that is safe or not?

 

Hello Buckaroo
I only found by using google toolbars highlighter

Cheers