hmchi

Internat.exe - Virus or spyware - Cannot remove from hard drive
I don't know who put it in Windows/systems directory. 45190 bytes dated 6/8/2000.  As soon as I delete it, it comes right back --- seems to be generated by another program, I guess.

Does anybody know what this one does and how to deal with it? Thanks


CrazyOne

internat.exe enable indicator on taskbar
http://www.annoyances.org/exec/forum/win98/t1015550905

CrazyOne

http://www.sarc.com/avcenter/venc/data/pwsteal.netsnake.html

After the Trojan copies itself, it adds the value

Internat.exe %windir%\internat.exe

to the registry key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so that the Trojan runs when you start Windows.

When it runs at startup, it displays the message

Hello. I'm NetSnake.


CrazyOne

http://www.infopackets.com/computer+questions/internat.exe+and+ptsnoop.exe+in+my+msconfig+startup+part+2.htm

From the Symantec website, I found that there is a trojan program file called internat.exe which maliciously steals passwords and sends them to the trojan creator.  However, I missed the part where the Symantec web site mentions that there is in fact a legitimate file called internat.exe which resides in the %windir%\system directory.

Basim from Iraq writes, "Internat.exe is there in *msconfig.exe* for bilingual machines. The blue small square in the system tray where you can change the language you type in email messages, couldn't be displayed without enabling internat.exe. This applies to bilingual Windows only."

And, to quote from the Symantec web site:

" Please note that there is a legitimate Windows application called %windir%\system\Internat.exe. The Trojan file (also known as internat.exe) is 82.5 KB in length and uses a zip file icon. The "real" Internat.exe is generally about 20 KB in length with a "?" icon.

NOTE: %windir% is a variable that denotes the folder in which Windows is installed. The normal installation folders are C:\Windows or C:\Winnt. "

So, what do you need to do to make sure that the Internat.exe -- if you have it on your system -- is not the trojan?

From my understanding, an infected system will display "Hello. I'm NetSnake." after a system reboot.  If you remember seeing a message like this, the trojan is installed on your system and you need to get rid of it.
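
The indicators quoted in the posts above (the Run value, the file's location and its size) combined into one triage check, as an added example that is not code from the thread or from Symantec. The function names, the `C:\Windows` default and the size tolerance bands are assumptions; the sample inputs are constructed, apart from the 45190-byte size given in the question.

```python
import ntpath

WINDIR = r"C:\Windows"  # assumption: one of the normal install folders named above
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
LEGIT_PATH = r"%windir%\system\internat.exe"  # legitimate location per the quoted write-up
TROJAN_PATH = r"%windir%\internat.exe"        # Run value data per the quoted write-up

def norm(path, windir=WINDIR):
    """Expand %windir% and normalise case, quotes and separators."""
    lowered = path.strip().strip('"').lower().replace("%windir%", windir.lower())
    return ntpath.normpath(lowered)

def triage(run_values, files, windir=WINDIR):
    """run_values: {value name: data} as read from RUN_KEY.
    files: {path: size in bytes} for each internat.exe found on disk.
    Returns (verdict, findings); strong findings are listed first."""
    strong, weak = [], []
    trojan, legit = norm(TROJAN_PATH, windir), norm(LEGIT_PATH, windir)
    for name, data in run_values.items():
        if norm(data, windir) == trojan:
            strong.append(f"Run value {name!r} starts {data}")
    for path, size in files.items():
        p, kb = norm(path, windir), size / 1024
        if p == trojan:
            strong.append(f"{path}: copy sits in the Windows folder itself")
        elif p != legit:
            weak.append(f"{path}: not in the expected system folder")
        # Size bands are assumed tolerances around the quoted 82.5 KB and ~20 KB.
        if 80 <= kb <= 85:
            strong.append(f"{path}: {kb:.1f} KB, close to the 82.5 KB Trojan")
        elif not 15 <= kb <= 25:
            weak.append(f"{path}: {kb:.1f} KB, not the ~20 KB of the real file")
    if strong:
        verdict = "suspicious"
    elif weak:
        verdict = "inconclusive"
    else:
        verdict = "consistent with the legitimate file"
    return verdict, strong + weak

# Constructed inputs. The first mirrors the question: right folder, 45190 bytes.
ASKER = triage({}, {r"C:\WINDOWS\SYSTEM\INTERNAT.EXE": 45190})
INFECTED = triage({"Internat.exe": r"%windir%\internat.exe"},
                  {r"C:\Windows\internat.exe": 84480})
CLEAN = triage({"internat.exe": "internat.exe"},
               {r"C:\Windows\System\internat.exe": 20480})

if __name__ == "__main__":
    for label, (verdict, notes) in [("asker", ASKER), ("infected", INFECTED), ("clean", CLEAN)]:
        print(label, "->", verdict, notes)
```

A file in the right folder whose size matches neither figure comes out as inconclusive rather than clean, which is when the Run key and the startup message described above are worth checking.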


It is not a virus or trojan. I have this file on my comp too. For more information visit the links given by CrazyOne.

ASKER CERTIFIED SOLUTION
Somewhat_Different


Hi hmchi!

Thx for points!



internat.exe is installed with Windows and provides Microsoft's multi-lingual features in Windows.
This original program is important for the stable and secure Windows environment and should not be terminated.

internat.exe is also a process which is registered as the Win32.Lydra.a information stealing Trojan.
This Trojan allows attackers to access your computer, personal data and information.
The Trojan is a security risk and should be removed immediately.

If the file continues to return, then bets are that Windows is detecting it as a missing system file and pulling it in from your cached cab files.

Sometimes it is hard to tell the difference between real system files, and cloned malicious programs with the same name.

I suggest you use your favorite Anti-Virus web site to search for information about the Win32.Lydra.a trojan and how to detect and remove it from your system.

I also recommend you do a google or yahoo search for file names in question to learn more about them.