I was auditing a client's server and found a running process called
MSApp.exe - I Googled it and found that it should be associated with a
trojan called RSBot. Now here's the confusing part: I have scanned the
file with 3 different scanning engines, including 2 free online scanners (
Housecall by Trend and Pandora's ) and McAfee with most recent sigs, and
nothing is detecting the file as a virus?!?! I have searched through both
standard web hits and groups and they all say the same thing - virus. But
nothing is detecting it as such. Any thoughts on what I am missing?!??!

tia,
Bill

Symantec's removal procedure, for this virus in Windows 2000, is to simply delete the foreign file and the value that was added to the registry. See this article for complete details:

Backdoor.Rsbot
http://securityresponse.symantec.com...oor.rsbot.html

--
Hope this helps..Reply in newsgroup only.
Eric McGillicudy

"Bill Unger" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> I was auditing a client's server and found a running process called
> MSApp.exe - I Googled it and found that it should be associated with a
> trojan called RSBot. Now here's the confusing part: I have scanned the
> file with 3 different scanning engines, including 2 free online scanners (
> Housecall by Trend and Pandora's ) and McAfee with most recent sigs, and
> nothing is detecting the file as a virus?!?! I have searched through both
> standard web hits and groups and they all say the same thing - virus. But
> nothing is detecting it as such. Any thoughts on what I am missing?!??!
>
> tia,
> Bill
>
>
>
>
>

I am more curious why absolutely NOTHING is detecting it??!


"Eric McG" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Symantec's removal procedure, for this virus in Windows 2000, is to simply
delete the foreign file and the value that was added to the registry. See
this article for complete details:

Backdoor.Rsbot
http://securityresponse.symantec.com...oor.rsbot.html

--
Hope this helps..Reply in newsgroup only.
Eric McGillicudy

"Bill Unger" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I was auditing a client's server and found a running process called
> MSApp.exe - I Googled it and found that it should be associated with a
> trojan called RSBot. Now here's the confusing part: I have scanned the
> file with 3 different scanning engines, including 2 free online scanners (
> Housecall by Trend and Pandora's ) and McAfee with most recent sigs, and
> nothing is detecting the file as a virus?!?! I have searched through
both
> standard web hits and groups and they all say the same thing - virus. But
> nothing is detecting it as such. Any thoughts on what I am missing?!??!
>
> tia,
> Bill
>
>
>
>
>

Symantec products with current definitions do detect it.

Steve

Bill Unger wrote:

> I am more curious why absolutely NOTHING is detecting it??!
>
>
> "Eric McG" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> Symantec's removal procedure, for this virus in Windows 2000, is to simply
> delete the foreign file and the value that was added to the registry. See
> this article for complete details:
>
> Backdoor.Rsbot
> http://securityresponse.symantec.com...oor.rsbot.html
>
> --
> Hope this helps..Reply in newsgroup only.
> Eric McGillicudy
>
> "Bill Unger" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
>>I was auditing a client's server and found a running process called
>>MSApp.exe - I Googled it and found that it should be associated with a
>>trojan called RSBot. Now here's the confusing part: I have scanned the
>>file with 3 different scanning engines, including 2 free online scanners (
>>Housecall by Trend and Pandora's ) and McAfee with most recent sigs, and
>>nothing is detecting the file as a virus?!?! I have searched through
>
> both
>
>>standard web hits and groups and they all say the same thing - virus. But
>>nothing is detecting it as such. Any thoughts on what I am missing?!??!
>>
>>tia,
>>Bill
>>
>>
>>
>>
>>
>
>
>

me too

--
George Hester
__________________________________
"Bill Unger" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> I am more curious why absolutely NOTHING is detecting it??!
>
>
> "Eric McG" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> Symantec's removal procedure, for this virus in Windows 2000, is to simply
> delete the foreign file and the value that was added to the registry. See
> this article for complete details:
>
> Backdoor.Rsbot
> http://securityresponse.symantec.com...oor.rsbot.html
>
> --
> Hope this helps..Reply in newsgroup only.
> Eric McGillicudy
>
> "Bill Unger" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I was auditing a client's server and found a running process called
> > MSApp.exe - I Googled it and found that it should be associated with a
> > trojan called RSBot. Now here's the confusing part: I have scanned the
> > file with 3 different scanning engines, including 2 free online scanners (
> > Housecall by Trend and Pandora's ) and McAfee with most recent sigs, and
> > nothing is detecting the file as a virus?!?! I have searched through
> both
> > standard web hits and groups and they all say the same thing - virus. But
> > nothing is detecting it as such. Any thoughts on what I am missing?!??!
> >
> > tia,
> > Bill
> >
> >
> >
> >
> >
>
>

I think your question should be addressed to the people at McAfee, Trend and Pandora .

--
Hope this helps..Reply in newsgroup only.
Eric McGillicudy

"Bill Unger" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> I am more curious why absolutely NOTHING is detecting it??!
>
>
> "Eric McG" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> Symantec's removal procedure, for this virus in Windows 2000, is to simply
> delete the foreign file and the value that was added to the registry. See
> this article for complete details:
>
> Backdoor.Rsbot
> http://securityresponse.symantec.com...oor.rsbot.html
>
> --
> Hope this helps..Reply in newsgroup only.
> Eric McGillicudy
>
> "Bill Unger" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I was auditing a client's server and found a running process called
> > MSApp.exe - I Googled it and found that it should be associated with a
> > trojan called RSBot. Now here's the confusing part: I have scanned the
> > file with 3 different scanning engines, including 2 free online scanners (
> > Housecall by Trend and Pandora's ) and McAfee with most recent sigs, and
> > nothing is detecting the file as a virus?!?! I have searched through
> both
> > standard web hits and groups and they all say the same thing - virus. But
> > nothing is detecting it as such. Any thoughts on what I am missing?!??!
> >
> > tia,
> > Bill
> >
> >
> >
> >
> >
>
>