backdoor.montp virus

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bbyboop1977

Thread Starter
Joined
Nov 23, 2003
Messages
119
Norton picked up saying that I had a virus a couple days ago, but after I restarted my computer it didn't find it. But was there anything else that downloaded with it? I read somewhere that if you had that virus it goes into a folder called lslt and it is in the system32 folder. I looked at it and it has a whole bunch of my information. Is it safe or do I need to delete it? Thanks.
 

bbyboop1977

Thread Starter
Joined
Nov 23, 2003
Messages
119
Okay well this is what someone said about it so I don't know.

The problem is that backdoor.montp brings that executable with it, the executable does indeed change its name each time you boot. And if it is the same executable that came with it on my machine, it harvested all your PTR passwords and user names along with most every other website user name and password you have and put them into a text file in windows/system32/lslt and then transmitted it to somebody in the background over the internet connection.

My Norton firewall caught it trying to transmit and shut down the transmission.

You can only find the folder in system32 in safe mode, the executable cloaks it in normal mode from all attempts to find it. When in safe mode, check system32 for that folder and open it. There will be a text file there, open it and see what it says.

It also writes its startup to system restore, so I would advise disabling that while you are cleaning it. One of my spyware/trojan killers found evidence of it still there even after cleaning. Got rid of that too.

Again, backdoor.montp simply seems to be the entry point for the trojan that comes with it. That trojan is bad news and seems specifically intended to harvest ptr user names and passwords, probably for hijacking people's accounts.

If you don't have a firewall or it was not set to stop outbound transmissions such as this, you had better change all your passwords.

THIS THING IS BAD NEWS. Norton seems clueless as to what it is really capable of or that it brings this cargo with it. When Norton scans in safe mode it will actually report that it is the trojan exe that is infected with backdoor.montp.

What my concern is though also is about the lslt folder that is holding a lot of personal information on it. I don't know if that is safe or not?
 
Joined
May 16, 2003
Messages
4,092
buckaroo said:
:eek: Saw that listing but missed that entry. Now I see it.

Thanks xgerryx. (y)
Hello Buckaroo
I only found it by using Google Toolbar's highlighter

Cheers
 