NLSAgent.exe corp spyware RAT

View previous topic View next topic Go down

NLSAgent.exe corp spyware RAT

Post by qdjdumg on 26/12/2011, 00:25

I am newly working with a non-profit org, which provides me with a Dell running XP on their network, and they have 2 full-time IT techs in-house. they use MSSE, and recently added corp version of mbam. My user acct is an adminstrator as I'm considered an "executive." I added prevx, and it seems not to slow down their setup, and has not detected anything. Neither has mbam. For "fun" I ran emsisoft emergency antimalware, and it considers \system32\NLSAgent.exe a trojan, so I ran it thru virustotal, and 9/43 considered it a trojan. Did some quick research, and it seems to be corp spyware that the IT guys can see just about anything happening on your system including screenshots. I was aware that was a possibilty, so I'm not shocked. I am "concerned" that so many scanners do not detect it. I would think or hope that every av, at, or am would point it out and tell user that it is a trojan but may be "good" contact your IT dept. The office is closed for a few days for the holidays, so I think I temporarily stopped NLSAgent.exe, but did not delete it or modify the registry. I also had installed (& purchased) Zemana antilogger several weeks ago and I assume NLSAgent.exe was already installed but not detected by me, and wondering if ZAL "defeats" NLSAgent.exe. I suspect that it doesn't, but I get no alert from ZAL that there is or may be a problem. I sent a msg to ZAL folks and so far have not received a reply (could be holidays) & of course I bought ZAL specifically for the purpose of stopping spyware, so thinking wasted money on that box. I'm thinking that if I remove NLSAgent.exe I'll get into trouble with IT guys, and they'll just put it back and perhaps add more limitations and restrictions. I would appreciate feedback about that. And how is that 80% of av don't detect NLSAgent.exe when it clearly seems to be a RAT, do corps pay off av vendors not to detect their trojans, and makes me wonder what else they may not be detecting. Comments welcome.

qdjdumg
New Member
New Member

Posts : 5
Join date : 2010-05-21

View user profile

Back to top Go down

Re: NLSAgent.exe corp spyware RAT

Post by ssj100 on 26/12/2011, 01:53

Seems like legitimate software according to this:
http://www.2-spyware.com/remove-net-monitor-for-employees.html
Net Monitor for Employees is a commercial remote administration tool designed to monitor users activity on remote computers. This RAT displays a live picture of a remote computer, provides a control over its keyboard and mouse, allows to send messages and lock a remote computer. Although this program is legitimate, it can be used by malicious persons for obvious harmful deeds. Net Monitor for Employees automatically runs on every Windows startup.

Net Monitor for Employees properties:
• Allows remote user connection
• Takes and sends out screenshots of user activity
• Connects itself to the internet
• Hides from the user
• Stays resident in background
While it sounds a little bit sly, I would think it's not intended to be for malicious purposes - I think many workplaces have similar mechanisms in place, mostly to allow easy universal communication and "help desk support".

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: NLSAgent.exe corp spyware RAT

Post by qdjdumg on 26/12/2011, 07:48

OK, thanks for your reply. Understand your comment, and I read info at 2-spyware before I posted here. My consulting work tends to be confidential and I'm not "comfortable" with IT reading what I'm doing. And since no one from IT has complained directly to me, I assume that Zemana is doing nothing and is a waste of time on that system. I'd like to learn more about NLSAgent, but so far I'm not finding that much, at least in depth. I'll run that exe in anubis and see if it makes any sense to me, or go directly to IT dept and ask them to show me what NLSAgent does, now curious to see how they respond.
PS enjoy reading your forum.

qdjdumg
New Member
New Member

Posts : 5
Join date : 2010-05-21

View user profile

Back to top Go down

Re: NLSAgent.exe corp spyware RAT

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum