Latest ads

Electronics
Vehicles
Property
Search

MntDrCore.exe is Worm!

chamithal

chamithal

Member
Dec 12, 2006
5,616
1
0
MntDrCore.exe is a worm. It spread via removable drives, including floppy drives and USB keys. It creates an autorun.inf which is designed to start the worm once the removable drive is connected to an uninfected computer. Disable auto run in your computers. Even though the autorun is disabled it can infect the computer by double clicking the drive icon or by opening the drive content using right click & open option. Hence it is advisable to right click and exploring the drive in order to mitigate the risk.

MntDrCore.exe copies it self to %systemroot%\system32 with a name of isass.exe. There is an original system file which is also with the name lsass.exe. But isass.exe is a fake one. You can see it in the task manager as system process. It is not recommend delete the file listed above manually as this malware can use the same name as the genuine file and you could accidentally delete the genuine one.

You can use a tool or antivirus software to remove the file.
Click to expand...

Symantec nam allanne na! If you want to try ur AV n post...

Download the virus... - unrar - password 123
 
M

madurax86

Member
Jun 29, 2006
4,385
88
0
mntdrcore.exe is seen on abt 70% of SL's comps. It can be removed manually no need of anti virus software you can stop spreading all orms,trojans..etc that spread by autorun by doing the following,
1. load up cmd.exe
2. goto the removable's root
3. type "attrib"
4. just remove the unwanted attributes of unknown files(kill_vbs.vbs, ms32dll.dll.vbs,mntdrcore.exe,autorun.inf) by using "attrib <filename> -R -S -H"
5. now delete the file[its showing in the explorer now]
 
chamithal

chamithal

Member
Dec 12, 2006
5,616
1
0
madurax86 said:
mntdrcore.exe is seen on abt 70% of SL's comps. It can be removed manually no need of anti virus software you can stop spreading all orms,trojans..etc that spread by autorun by doing the following,
1. load up cmd.exe
2. goto the removable's root
3. type "attrib"
4. just remove the unwanted attributes of unknown files(kill_vbs.vbs, ms32dll.dll.vbs,mntdrcore.exe,autorun.inf) by using "attrib <filename> -R -S -H"
5. now delete the file[its showing in the explorer now]
Click to expand...

thnx lolZ! but if the av takes care it's easier ne........ ;)
 
chamithal

chamithal

Member
Dec 12, 2006
5,616
1
0
Kasun007 said:
I had NORTON IS 2006 and now using 2007.Virus detected in Both.:yes:
Click to expand...

really? oh! Symantec didn't detect! eventhough I right clicked on the virus file n scanned! AVG did! Thumbs up to it!
 
K

Kasun007

Member
Mar 6, 2007
44
0
0
chamithal said:
really? oh! Symantec didn't detect! eventhough I right clicked on the virus file n scanned! AVG did! Thumbs up to it!
Click to expand...

vv3oh3.jpg


Details about virus in NORTON IS 2007.
 
M

madurax86

Member
Jun 29, 2006
4,385
88
0
evry antivirus dat uses byte checkin libraries suk ! i knw dem evn da best fails wher they meet a new one they fail we're not that nutty to give sum dumb prog access da net n download its too nutty as i see it; nyway othrs think its da best way we hav n i say NO....use zonealarm i use it havnt met a btr prog for lock stuf up and the taskmanager at www.sysinternals.com its realli gud go there n see there're lots of utilities for removing viruses manually for me its fun but i use nod32 too jst incase
:P
 

Similar threads

M
උඹේ බෝඩි එක වළලනවා ද පුච්චනවා ද? Your decision will determine where you will end. Neil deGrasse Tyson
Replies
7
Views
253
Inigo Montoya
Inigo Montoya
Blogerwiki
Private chat - New Onion link
Replies
3
Views
234
Blogerwiki
Blogerwiki
Hankook
😄ලනක්වේ ගොඩක් අලුත් කපල් ගෑනිව Expose කරන්නේ අයි දැන් TikTok,Fb වල😛
Replies
0
Views
348
Hankook
Hankook
M
ඉස්ලාම් as an ideology is a cancer to the world.
Replies
0
Views
106
MAXPANE7
M
IndrajithGamage
කෝච්චියක් පීලි පනින්නෙ අ‍ැයි?
Replies
2
Views
128
Max_r
Max_r
Top Bottom