Author Topic: Error message that says C:\WINNT\NT\nrcs.exe (Read 3023 times)

eetfree23 · « **on:** May 17, 2007, 07:48:06 PM »

I keep receiving the error message posted in subject everytime I try to open My COmputer, MY documents, or any other things that deal specifically with my computer such as network settings

Most programs work fine except IE
im actually using Bitcomets browser to write this

but i reall need to know whats wrong and how to fix it
Thank You

Zylstra · « **Reply #1 on:** May 17, 2007, 09:22:32 PM »

What operating system are you using?
What antivirus or antispyware/adware do you have installed?
Have you done anything prior to the issue (eg: software or hardware change)

Possible causes:
Problem with the file itself (corruption)
Recent hardware change
Virus or poorly written program (eg: spyware or adware)

haycg · « **Reply #2 on:** May 17, 2007, 09:39:19 PM »

I don' know if this will be of any help.
A search for error message.
http://support.microsoft.com/kb/133320/en-us

For further information try the Event Viewer.
Control Panel - Administrative Tools - Event Viewer -
Try both Application and System - Right Click Error -
Properties - click Highlighted http address - click yes -
Help & Support will open for your Error for more information.

Try both Application and System
Can you use System Restore to before your problem started?

patio · « **Reply #3 on:** May 18, 2007, 05:53:15 AM »

Well that seems to be a list of ALL the NT error messages....which one is yours ?

eetfree23 · « **Reply #4 on:** May 26, 2007, 12:43:12 PM »

yea im using windows 2k
with AVG free
and that wesite with all the numbers would really help if only
my error gave me a number with it
Im not sure what you mean by if i have done anything prior to this isssue

patio · « **Reply #5 on:** May 26, 2007, 01:40:50 PM »

Quote from: patio on May 18, 2007, 05:53:15 AM

Well that seems to be a list of ALL the NT error messages....which one is yours ?

contrex · « **Reply #6 on:** May 26, 2007, 01:59:34 PM »

Quote

Re: Error message that says C:\WINNT\NT\nrcs.exe

Trojan-Proxy.Win32.Ranky.fv

Type   Malware

Type Description   Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.

Category   Backdoor

Category Description   A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.

Level   Severe

Level Description   Severe risks are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

Advice Type   Remove

Description   Trojan-Proxy.Win32.Ranky.fv is a program that creates a backdoor and allows an attacker to take control of the infected machine.

Add. Description   Trojan-Proxy.Win32.Ranky.fv is downloaded by another malware program, wgavn.exe, known as W32.Cuebot-K and Backdoor.Win32.IRCBot.BV. When executed, Trojan-Proxy.Win32.Ranky.fv creates a folder named NT in the Windows directory and copies itself to that folder as nrcs.exe. Trojan-Proxy.Win32.Ranky.fv creates a service posing as a Microsoft service and alters the registry to lower security settings, to hide system files, and to change the "Run" values of other programs to prevent them from starting on Windows boot up. Trojan-Proxy.Win32.Ranky.fv periodically contacts yu.haxx.biz at IP 209.11.244.117.

Author URL   ljrpq.haxx.biz

File Traces
    %system%\ nrcs.exe
    %windows%\ nt\ nrcs.exe

removal tool here

http://fileinfo.prevx.com/spyware/qqf0ee33453094-NRCS13564891/NRCS.EXE.html

or here

http://www.liutilities.com/products/wintaskspro/processlibrary/nrcs/

Quote

im actually using Bitcomets browser to write this

Now why am I not surprised?

eetfree23 · « **Reply #7 on:** May 26, 2007, 02:47:48 PM »

thank you very much contrex
I CAN FINALLY GET BACK TO FIREFOX ^^

GX1_Man · « **Reply #8 on:** May 26, 2007, 03:52:01 PM »

I am sure we will see you again.

Computer Hope Forum

News: