Re: Error message that says C:\WINNT\NT\nrcs.exe
Trojan-Proxy.Win32.Ranky.fv
Type: Malware
Type Description: Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category: Backdoor
Category Description: A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
Level: Severe
Level Description: Severe risks are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.
Advice Type: Remove
Description: Trojan-Proxy.Win32.Ranky.fv is a program that creates a backdoor and allows an attacker to take control of the infected machine.
Add. Description: Trojan-Proxy.Win32.Ranky.fv is downloaded by another malware program, wgavn.exe, known as W32.Cuebot-K and Backdoor.Win32.IRCBot.BV. When executed, Trojan-Proxy.Win32.Ranky.fv creates a folder named NT in the Windows directory and copies itself to that folder as nrcs.exe. Trojan-Proxy.Win32.Ranky.fv creates a service posing as a Microsoft service and alters the registry to lower security settings, to hide system files, and to change the "Run" values of other programs to prevent them from starting on Windows boot up. Trojan-Proxy.Win32.Ranky.fv periodically contacts yu.haxx.biz at IP 209.11.244.117.
Author URL: ljrpq.haxx.biz
File Traces
%system%\nrcs.exe
%windows%\nt\nrcs.exe
removal tool here
http://fileinfo.prevx.com/spyware/qqf0ee33453094-NRCS13564891/NRCS.EXE.html
or here
http://www.liutilities.com/products/wintaskspro/processlibrary/nrcs/
I'm actually using BitComet's browser to write this
Now why am I not surprised?