Hello,

I ran KIS and it found the trojan "backdoor.win32.rbot.gen" and
removed it. I looked up the description of this virus and it says that
it steals your paypal information and "anything interesting". I don't
know how long I had this virus for. Do I need to be worried? Should I
change my passwords for any internet sites?

TIA

"Sam" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello,
> I ran KIS and it found the trojan "backdoor.win32.rbot.gen" and
> removed it. I looked up the description of this virus and it says that
> it steals your paypal information and "anything interesting". I don't
> know how long I had this virus for. Do I need to be worried? Should I
> change my passwords for any internet sites?

Yes

-jen

From: "Sam" <(E-Mail Removed)>

| Hello,

| I ran KIS and it found the trojan "backdoor.win32.rbot.gen" and
| removed it. I looked up the description of this virus and it says that
| it steals your paypal information and "anything interesting". I don't
| know how long I had this virus for. Do I need to be worried? Should I
| change my passwords for any internet sites?

| TIA

I agree with Jen. Such an action would be prudent.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

On Thu, 01 May 2008 09:21:03 -0400, Wolf Kirchmeir
<(E-Mail Removed)> wrote:

>I think you should
>
>a) change your passwords regularly;
>b) get a credit card with a low limit ($500-$1000) strictly for on-line use;
>c) set up an e-mail account strictly for on-line business.


Thanks. Can I ask: what do you mean by (c) e-mail for on-line
business; by definition doesn't e-mail have to be online?

How does this virus work? Sometimes you visit a website and IE or
Firefox asks if it should remember the password. They must store these
somewhere. Does the virus read from this store or does it read your
keypresses when you enter it or does it intercept when the browser
transmits to the web site?

I am wondering whether it only affects sites visited or all sites
recorded on your HDD and whether it affectes both IE and Firefox or
just the one?

BTW is KIS or KAV the best thing to detect these nasties? I hear NOD
is good too. is there anything else? I have heard there are special
"trojan detector" programs; are these necessary?

TIA

"Sam" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
[snip]
> How does this virus work? Sometimes you visit a website and IE or
> Firefox asks if it should remember the password. They must store these
> somewhere. Does the virus read from this store or does it read your
> keypresses when you enter it or does it intercept when the browser
> transmits to the web site?
> I am wondering whether it only affects sites visited or all sites
> recorded on your HDD and whether it affectes both IE and Firefox or
> just the one?
> BTW is KIS or KAV the best thing to detect these nasties? I hear NOD
> is good too. is there anything else? I have heard there are special
> "trojan detector" programs; are these necessary?

Backdoor.Win32.Rbot.gen
Aliases:
Backdoor.Win32.Rbot.gen (Kaspersky Lab) is also known as:
W32/Sdbot.worm.gen.h (McAfee), W32.Spybot.Worm (Symantec),
Win32.HLLW.MyBot (Doctor Web), W32/Rbot-IR (Sophos),
Backdoor:Win32/Spybot.AI (RAV), WORM_RBOT.KZ (Trend Micro),
Worm/RBot.RT (H+BEDV), Win32:SdBot-194-B (ALWIL),
IRC/BackDoor.SdBot.55.U (Grisoft), Backdoor.Rbot.RP (SOFTWIN),
Trojan.Spybot-79 (ClamAV), W32/Gaobot.ALK.worm (Panda),
Win32/Rbot.AEF (Eset)
Description added: Aug 06 2004
Behavior: Backdoor

Technical details:
Backdoor.Rbot is a family of Trojan programs for Windows, which offer
the user remote access to victim machines. The Trojans are controlled
via IRC, and have the following functions:

* monitor networks for interesting data packets (i.e. those containing
passwords to FTP servers, and e-payment systems such as PayPal etc.)
* scan networks for machines which have unpatched common vulnerabilties
(RPC DCOM, UPnP, WebDAV and others); for machines infected by Trojan
programs (Backdoor.Optix, Backdoor.NetDevil, Backdoor.SubSeven and
others) and by the Trojan components of worms (I-Worm.Mydoom,
I-Worm.Bagle); for machines with weak system passwords
* conduct DoS attacks
* launch SOCKS and HTTP servers on infected machines
* send the user of the program detailed information about the victim
machine, including passwords to a range of computer games
http://www.viruslist.com/en/viruses/...?virusid=56713

-jen