#1
rmtcfg
I posted earlier about my problems with IE6 and bandwidth, but as I was investigating I found a new problem. I was running a virus scan with Norton and noticed it went through a file winnt\system32\rmtcfg. I couldn't find this file in Windows Explorer or Total Commander. I then assumed that the file was a system or hidden file, so although I am a total newbie, I searched the net and figured out how to remove attributes etc. When I opened the file I noticed that it has these .bat and .exe files labelled hidden, hidden32, hiddenrun, mybot, ftp and a host of other nasty-sounding files. My questions are these:
(1) Do I just delete the whole file?
(2) How is this stuff getting through Norton Antivirus, Norton Internet Security, Ad Aware, and Spybot?
(3) If this got through, how deep does this problem go?
(4) Am I better off starting over from scratch?
#2
Seems to be an IRC based virus.
McAfee seems to detect it: http://vil.mcafee.com/dispVirus.asp?virus_k=100427

Quote:
When the dropper is run on the victim machine, multiple files are installed to the following directory:
C:\WINNT\SYSTEM32\RMTCFG2
Other subdirectories are created within this, once the package is running (some are IRC client related):
c:\WINNT\SYSTEM32\RMTCFG2\DAT
c:\WINNT\SYSTEM32\RMTCFG2\DOWNLOAD
c:\WINNT\SYSTEM32\RMTCFG2\LOGS
c:\WINNT\SYSTEM32\RMTCFG2\PLUGIN
c:\WINNT\SYSTEM32\RMTCFG2\SOUNDS

Make sure you update McAfee and rescan. HTH
#3
Sorry, I thought you had McAfee. I see you have Norton.
Maybe try a McAfee free scan at: http://us.mcafee.com/default.asp
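
As an added example (not part of the original thread and not any vendor's tool), this Python script checks a system32 directory for the folder names mentioned above, reports which of the subdirectories from the quoted description are present, and lists .bat and .exe files inside, whether or not the hidden or system attribute is set. The function names `triage`, `is_hidden` and `build_sample` are hypothetical, and the sample tree is constructed from empty placeholder files.

```python
import os
import stat
import tempfile

# Names from the thread: the poster's folder and the one in the quoted description.
SUSPECT_DIRS = {"rmtcfg", "rmtcfg2"}
# Subdirectories the quoted description says appear once the package runs.
EXPECTED_SUBDIRS = {"dat", "download", "logs", "plugin", "sounds"}
HIDDEN_OR_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

def is_hidden(path):
    """True if the Windows hidden or system attribute is set (False off Windows)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & HIDDEN_OR_SYSTEM)

def triage(system32):
    """List suspect directories directly under system32. os.scandir returns
    entries regardless of attributes, unlike a default Explorer view."""
    findings = []
    for entry in os.scandir(system32):
        if not entry.is_dir(follow_symlinks=False):
            continue
        if entry.name.lower() not in SUSPECT_DIRS:
            continue
        subdirs, programs = [], []
        for child in os.scandir(entry.path):
            name = child.name.lower()
            if child.is_dir(follow_symlinks=False) and name in EXPECTED_SUBDIRS:
                subdirs.append(name)
            elif child.is_file(follow_symlinks=False) and name.endswith((".bat", ".exe")):
                programs.append(child.name)
        findings.append({"path": entry.path, "hidden": is_hidden(entry.path),
                         "subdirs": sorted(subdirs), "programs": sorted(programs)})
    return sorted(findings, key=lambda f: f["path"])

def build_sample(root):
    """Constructed tree for the demo: empty placeholder files, not real samples."""
    for sub in ("RMTCFG2/DAT", "RMTCFG2/DOWNLOAD", "drivers"):
        os.makedirs(os.path.join(root, *sub.split("/")))
    for name in ("mybot.exe", "hiddenrun.bat", "notes.txt"):
        open(os.path.join(root, "RMTCFG2", name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in triage(tmp):
            print(finding)
```

On an affected machine, `triage` would be pointed at the real system32 path (C:\WINNT\SYSTEM32 in this thread) instead of the constructed tree.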