Okay well this is what someone said about it so I don't know.
The problem is that backdoor.montp brings that executable with it, the executable does indeed change its name each time you boot. And if it is the same executable that came with it on my machine, it harvested all your PTR passwords and user names along with most every other website user name and password you have and put them into a text file in windows/system32/lslt and then transmitted it to somebody in the background over the internet connection.
My Norton firewall caught it trying to transmit and shut down the transmission.
You can only find the folder in system32 in safe mode, the executable cloaks it in normal mode from all attempts to find it. When in safe mode, check system32 for that folder and open it. There will be a text file there, open it and see what it says.
It also writes it startup to system restore so I would advise disabling that while you are cleaning it. One of my spyware/trojan killers found evidence of it still there even after cleaning. Got rid of that too.
Again, backdoor.montp simply seems to be the entry point for the trojan that comes with it. That trojan is bad news and seems specifically intended to harvest ptr user names and passwords, probably for hijacking peoples accounts.
If you don't have a firewall or it was not set to stop outbound transmissions such as this you had better change all your passwords.
THIS THING IS BAD NEWS. Nortan seems clueless as to what it is really capable of or that it brings this cargo with it. When Nortan scans in safe mode it will actually report that it is the trojan exe that is infected with backdoor.montp.
What my concern is though also is about the lslt folder that is holding a lot of person information on it. I don't know if that is safe or not?
I couldn't find anything on this virus on Symantec's site.
