Mystery files


ErnieK
12-05-2003, 05:02 PM
Not sure where this should go, so plumped for here due to trojan infestation.

I have just deleted 270 of these files, then did a second search and deleted another 231 files. All were 1kb in size.

File name was/is IVB.NZT
Does anyone know what this file is? Is it/could it (be) related to the Backdoor.Motivftp.B trojan (which AdAware said/says I am infested with, though no other program (AV [on-line and system based] or trojan finder [on-line and system based]) can find)?

When I do a web search for it I can only find IVB NTZ and not NZT

Paul Komski
12-05-2003, 06:30 PM
One imagines that this is somehow related to the New Zealand GENERIC antivirus program called InVircible, which creates multiple data files called IVB.NTZ. Why NTZ should become NZT is obscure unless NZT relates to the correct meaning of "New Zealand Time" or unless a virus attacking the antivirus has renamed these files.

http://www.textfiles.com/virus/resist.txt

http://www.invircible.com/

ErnieK
12-05-2003, 06:42 PM
Thanks Paul
Your second link shows the home page of one of the anti-trojan scanners I tried out (now un-installed, though these files were left behind after removal of the program).

The second page section, in relation to their program, is beyond me.

Budfred
12-05-2003, 08:35 PM
Probably would be a good idea to run a spyware scan again, reboot and run HijackThis and copy/paste the log here. Make sure you use the latest version and don't fix anything until the experts look it over. Also, if you want to be able to restore any "fixed" files, make sure you actually install it rather than running from the zip file....

ErnieK
12-09-2003, 06:43 PM
Originally posted by Budfred
Probably would be a good idea to run a spyware scan again, reboot and run HijackThis and copy/paste the log here. Make sure you use the latest version and don't fix anything until the experts look it over. Also, if you want to be able to restore any "fixed" files, make sure you actually install it rather than running from the zip file....

Below is the startup list. As I said, they were from one of the AV/AT progs I installed whilst trying to find the non-existent virus that Ad-Aware said I had. But better safe than sorry. Besides, there might be something there anyway.

StartupList report, 09/12/2003, 22:35:58
StartupList version: 1.52
Started from : D:\Documents and Settings\S'me\Desktop\KEEP For Security\Hi jack this 1.97\HJT 1.97.7\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
D:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Opera7\opera.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Documents and Settings\S'me\Desktop\KEEP For Security\Hi jack this 1.97\HJT 1.97.7\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[D:\Documents and Settings\S'me\Start Menu\Programs\Startup]
BHO Cop.lnk = D:\Program Files\BHOCop\BHOCop.exe
SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
MailWasher.lnk = D:\Program Files\MailWasher\MailWasher.exe

Shell folders Common Startup:
[D:\Documents and Settings\All Users\Start Menu\Programs\Startup]
ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG_CC = D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
ScriptSentry = D:\Program Files\Script Sentry\ScriptSentry.exe /check
Pop-Up Stopper = "D:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"

--------------------------------------------------

Shell & screensaver key from D:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=D:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

SpywareGuard Download Protection - D:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}

--------------------------------------------------

Enumerating Download Program Files:

[{556DDE35-E955-11D0-A707-000000521957}]
CODEBASE = http://www.xblock.com/download/xclean_micro.exe

[HouseCall Control]
InProcServer32 = D:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/bff3af7d050da5/housecall.antivirus.com/housecall/xscan53.cab

[Update Class]
InProcServer32 = D:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37932.6382175926

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: D:\WINDOWS\system32\SHELL32.dll
CDBurn: D:\WINDOWS\system32\SHELL32.dll
WebCheck: D:\WINDOWS\System32\webcheck.dll
SysTray: D:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 4,439 bytes
Report generated in 0.170 seconds

verugu
07-26-2006, 06:34 AM
Hi,
Thanks for this thread. Was searching for the same IVB.NZT files, which filled up every folder of my PC; I deleted nearly 400 of these files. This happened only after I had run the InVircible antivirus. Uninstalled the antivirus.
I don't like software creating a huge number of files without asking me. It's like backing up the files that I don't need 400 times.
When I googled for IVB.NZT, I found just this thread for it; InVircible is not even listed in Google, when it should be the one listed there and blamed for it.
Thnx anyway,
V S.