Check or Attack Name: Passfilt.dll incorrect

An unknown version of passfilt.dll was detected. Passfilt.dll is distributed by Microsoft as of Windows NT 4.0 Service Pack 2 and rejects weak passwords. The version of Passfilt.dll in %systemroot%\system32 had a size or a checksum that did not match any known passfilt.dll files shipped by Microsoft. A file that is an incorrect size or possesses the wrong checksum can indicate that an attacker is capturing passwords via a Trojan horse program.

Determine if the passfilt.exe file is a Trojan horse or a program placed with malicious intent. If so, consider your system and its security compromised. If not, reinstall passfilt.

To install passfilt, follow these steps:

Passfilt.dll is shipped with Service Pack 2 for Windows NT 4.0 and later. It should be properly installed as per Microsoft Knowledge Base Article Q161990 listed in the References.

If the passfilt.dll installed on this system is a Trojan horse program:

1. Immediately remove the computer from the network.
2. Create a backup of the contents of the hard drive, or isolate the data on a non-networked storage device.
3. Perform a low-level format of all hard drives on the computer.
4. Reinstall the operating system.
5. Configure the computer with the original user names, groups, and applications.
6. Run Internet Scanner or System Scanner to determine vulnerabilities and resolve detected vulnerabilities.
7. Before using the files on the backup, scan all files using an up-to-date anti-virus program, and copy only the files you know to be authorized on that computer.
8. Reconnect the computer to the network.

Microsoft Knowledge Base Article Q161990, How to Enable Strong Password Functionality in Windows NT, http://support.microsoft.com/support/kb/articles/q161/9/90.asp