Need help with NTAP32SMS.EXE- Mission Critical. new Virus?

Guest

I have a virus hosing one of my critical servers, and it had also nailed my
laptop. Symptoms are 99% processor usage, and loss of internet connectivity.
I was able to remove it from my laptop, which has XP SP2, and all the security
updates, along with Norton AV. Now a server appears to be infected, and it is
a 2000 server with McAfee. At first, McAfee was taxing the processor at
99%, stuck in a starting mode, and this morning found that ntap32sms.exe was
running on it.

I can't find ANYTHING regarding this process, except I can google ntap32.exe
and get back trojan info. AV won't pick it up, so I assume this is new. Does
anyone have any info on this?

Also, picking processes called msdirectx.sys, and nviload32.
 
Craig n

Craig said:
I have a virus hosing one of my critical servers, and it had also nailed my
laptop. Symptoms are 99% processor usage, and loss of internet connectivity.
I was able to remove it from my laptop, which has XP SP2, and all the security
updates, along with Norton AV. Now a server appears to be infected, and it is
a 2000 server with McAfee. At first, McAfee was taxing the processor at
99%, stuck in a starting mode, and this morning found that ntap32sms.exe was
running on it.

I can't find ANYTHING regarding this process, except I can google ntap32.exe
and get back trojan info. AV won't pick it up, so I assume this is new. Does
anyone have any info on this?

Also, picking processes called msdirectx.sys, and nviload32.

Oh, and after I remove the files from system32 and prefetch, and destroy
the registry entries, they are right back the next boot. Where is it
coming from?
 
Steven L Umbach

First make sure that your antivirus software has been updated as of this
morning. It may also help to do a scan in safe mode. If problems persist
contact your antivirus vendor [phone, email] and give them the same
information that you posted here.

There are free tools from SysInternals such as Process Explorer, TCPView,
Autoruns, and Rootkit Revealer that can help you analyze what is going on.
Trend Micro has a tool called Sysclean that you may want to try. Download
Sysclean and the current pattern file to a common folder, unzip the pattern
file, and execute Sysclean. It will scan for and remove many common
malwares. Also review your security policy to see what weaknesses exist that
can be closed to minimize chance of reoccurrence and always scan ALL your
emails with your antivirus. Using MBSA is a good start to analyze your
computers for security vulnerabilities. --- Steve

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml -- Process
Explorer and link to SysInternals
http://www.trendmicro.com/download/dcs.asp --- Sysclean
http://www.trendmicro.com/download/pattern.asp --- pattern file current as
of today
http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
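
Added example, not part of the original thread: the follow-up asks where the files come back from at boot, which is the question Autoruns answers by listing autostart locations. This Python script runs the same kind of check offline against a registry export in regedit's .reg text format, flagging autostart values that reference the names from the thread. The key list, function names, and sample export (including the value name, service name, and paths) are constructed assumptions, not data from the infected machines.

```python
import re
# File and process names reported in the thread, lower-cased for matching.
SUSPECT_NAMES = ("ntap32sms.exe", "msdirectx.sys", "nviload32")
# Autostart key fragments (lower case); an assumed subset of what Autoruns lists.
AUTOSTART_KEYS = (
    r"\microsoft\windows\currentversion\run",  # Run, RunOnce, RunServices
    r"\microsoft\windows nt\currentversion\winlogon",
    r"\currentcontrolset\services",
)
# Constructed sample in .reg export format; value names and paths are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"NT Update"="C:\\WINNT\\system32\\ntap32sms.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirectx]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,64,00,69,00,72,00,65,00,63,00,74,00,78,00,2e,00,73,00,79,00,73,00,00,00
'''

def decode_value(raw):
    """Decode a .reg value: quoted strings and UTF-16LE hex(1)/hex(2)/hex(7) data."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    m = re.match(r"hex\([127]\):(.*)", raw)
    if m:
        data = bytes.fromhex(m.group(1).replace(",", ""))
        return data.decode("utf-16-le", "replace").replace("\x00", " ").strip()
    return raw  # dword and plain binary values are left as written

def find_autostarts(reg_text):
    """Return (key, value name, data) for autostart values naming a suspect file."""
    hits, key = [], ""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember the key the following values belong to
        m = re.match(r'("(?:[^"\\]|\\.)*"|@)=(.*)$', line)
        if m and any(k in key.lower() for k in AUTOSTART_KEYS):
            data = decode_value(m.group(2))
            if any(s in data.lower() for s in SUSPECT_NAMES):
                hits.append((key, m.group(1).strip('"'), data))
    return hits

if __name__ == "__main__":
    print(*find_autostarts(SAMPLE_REG), sep="\n")
```

Real exports are usually saved as UTF-16, so open the file with `encoding="utf-16"` before passing its text to `find_autostarts`.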
 
