Directory C:\winnt\system32\drivers found on XP - Trojan?

Subject: Directory C:\winnt\system32\drivers found on XP - Trojan?
Posted by:  Paul Moloney (paul_molon…@hotmail.com)
Date: 10 Dec 2003

While searching for the file "explorer.exe" on XP (due to it having a
high CPU usage), I found a copy in the folder
C:\winnt\system32\drivers. In this folder, I also found the following
files:

FireDaemon.exe
hexplore.exe
explore.exe
remote.ini
script1.ini
sec.bat
winini.bat

explore.exe had the name mIRC associated with it; doing a search for
it turned up the name of a trojan. Needless to say, this all looked
pretty suspicious. However, searching my registry turned up none of
the registry entries associated with this virus. And I run anti-virus
and anti-trojan software regularly, so am surprised nothing was
detected.

I found mIRC in the "Add/Remove Programs" dialog box, and I recall
installing IRC software a year or two back. (I removed it once found).
Is it possible this was a trojan, or does the legit mIRC install files
to the above folder, and therefore can be confused with the trojan?
Should I be worried, and if so, what should I look for, and can anyone
recommend a good anti-trojan program? (I moved from the now-default
Anti-Trojan 5.5.x to the new a(2)).

Thanks,

P.
