W32.RemoteExplore


Aliases: Remote Explorer, W32.IE403R, WinNT.RemEx
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 27 May 1998
Damage: Medium

Characteristics: W32.RemoteExplore is a virus that infects the Windows NT environment. It infects executable files and attached network drives on the infected computer. It is a slow infector, but it may cause medium damage to an infected computer. It is easy to remove using an updated antivirus program.

More details about W32.RemoteExplore

When the virus is run by a user with administrator privileges, it installs itself as the service “Remote Explorer.” The virus resides on the infected system as the file ie403r.sys. It is more active during "off-work" hours, and it creates the Taskmgr.sys process approximately every 10 minutes. The virus can infect files on attached network drives on a Windows NT network. Once the virus is activated, the infection routine picks a folder at random on the shared network drive. It then infects the .exe files in the chosen folder and encrypts the remaining files, except for those with .dll and .tmp extensions. The virus does not infect other Windows platforms. When an infected file is executed in Windows 95, an error message about a missing .dll export is shown. If it is executed in Windows 98, the Windows NT-specific viral service will not be installed.
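A triage sketch for the indicators named above (an added example, not part of the original entry): it flags the "Remote Explorer" service, the ie403r.sys file, and Taskmgr.sys process starts that recur about every 10 minutes in exported host inventory. The input format, the 2-minute tolerance, and all sample records and paths are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Indicators taken from the description above.
SERVICE_NAME = "remote explorer"
DROPPED_FILE = "ie403r.sys"
SPAWNED_IMAGE = "taskmgr.sys"
SPAWN_PERIOD = timedelta(minutes=10)
TOLERANCE = timedelta(minutes=2)  # assumption: slack for "approximately"

def basename(path):
    """Lower-cased last component of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(services, files, process_events):
    """Return (indicator, detail) findings.

    services: service display names; files: file paths;
    process_events: (ISO timestamp, image path) process-creation records.
    """
    findings = [("service", s) for s in services
                if s.strip().lower() == SERVICE_NAME]
    findings += [("file", f) for f in files if basename(f) == DROPPED_FILE]
    starts = sorted(datetime.fromisoformat(ts) for ts, image in process_events
                    if basename(image) == SPAWNED_IMAGE)
    if starts:
        findings.append(("process", f"{len(starts)} start(s) of {SPAWNED_IMAGE}"))
    # Two or more gaps near the 10-minute period suggest the recurring timer.
    gaps = [later - earlier for earlier, later in zip(starts, starts[1:])]
    near = [g for g in gaps if abs(g - SPAWN_PERIOD) <= TOLERANCE]
    if len(near) >= 2:
        findings.append(("cadence", f"{len(near)} gaps near 10 minutes"))
    return findings

# Constructed sample inventory (not real telemetry; paths are placeholders).
SAMPLE_SERVICES = ["Workstation", "Remote Explorer", "Spooler"]
SAMPLE_FILES = ["C:\\placeholder\\ie403r.sys", "C:\\placeholder\\taskmgr.exe"]
SAMPLE_EVENTS = [
    ("1998-06-01T22:00:00", "C:\\placeholder\\Taskmgr.sys"),
    ("1998-06-01T22:03:00", "C:\\placeholder\\taskmgr.exe"),  # legitimate name
    ("1998-06-01T22:10:05", "C:\\placeholder\\Taskmgr.sys"),
    ("1998-06-01T22:19:50", "C:\\placeholder\\Taskmgr.sys"),
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_SERVICES, SAMPLE_FILES, SAMPLE_EVENTS):
        print(f"{kind:8} {detail}")
```

Matching on the exact file name keeps the legitimate taskmgr.exe out of the results; the .sys extension on a running process image is itself the anomaly worth surfacing.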

Reports say that this software also opens a backdoor on the affected machine. This backdoor may serve as an entrance for other threats to enter the computer without being detected. A remote user may also use the backdoor as a means to communicate with the application on the affected computer. The W32.RemoteExplore program listens for commands from the remote user through a port. The remote user may send commands such as removing files from the computer, uploading and downloading data, starting or participating in web attacks, and gathering information regarding the affected system.