malicious software

Guest

The Windows Malicious Software Removal Tool detects a problem and names it
but will not remove it. It's called Backdoor:Win32/Rbot.gen. Also, my
Norton does not detect it and I cannot stay online long enough to do
anything about it. I am on a different PC now. I have XP Pro SP1. Can't stay
online to download SP2.
Can anyone help? harry
 
David H. Lipman

From: "harry"

| The Windows Malicious Software Removal Tool detects a problem and names it
| but will not remove it. It's called Backdoor:Win32/Rbot.gen. Also, my
| Norton does not detect it and I cannot stay online long enough to do
| anything about it. I am on a different PC now. I have XP Pro SP1. Can't stay
| online to download SP2.
| Can anyone help? harry

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Patrick Keenan

harry said:
The Windows Malicious Software Removal Tool detects a problem and names it
but will not remove it. It's called Backdoor:Win32/Rbot.gen. Also, my
Norton does not detect it and I cannot stay online long enough to do
anything about it. I am on a different PC now. I have XP Pro SP1. Can't stay
online to download SP2.
Can anyone help? harry

HijackThis will probably help you identify the file and the references that
launch it. Restart in Safe Mode as Administrator, and you should be able
to locate and delete the file in question. Often, these make it to the
\windows\system32 folder after starting in the Temporary Files folders.

In Explorer, show the System folder, the System32 folder or the Windows
folder and set it to Details, and to show all files including system and
hidden and to display extensions. Sort by date and time. Look at the newest
files, and you may see the trojan recreating files. Sort by extension and
check the .exe and .dll files for those that have random-looking names and
new timestamps. Do this in all three folders.

Also in Explorer, locate the Content.ie5 folder for your account, and delete
it. This will ensure that if the trojan is launching from a temporary
internet file folder, it's gone. The folder will be recreated when you log
in to your account. Also, clear out the Temp folders.

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090019
http://www.symantec.com/security_response/writeup.jsp?docid=2004-101912-5125-99
Symantec says they have a removal tool.

HTH
-pk
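
The folder check described in the reply above (newest files first, then .exe and .dll files with random-looking names) can be scripted. This is an added example, not part of the original thread; the 7-day window and the name heuristic (length, character entropy, vowel ratio) are assumptions and only give a hint about which files to examine first.

```python
import math
import os
import time
from collections import Counter

EXECUTABLE_EXTENSIONS = {".exe", ".dll"}

def name_entropy(stem):
    """Shannon entropy, in bits per character, of a file name without extension."""
    counts = Counter(stem.lower())
    return -sum(n / len(stem) * math.log2(n / len(stem)) for n in counts.values())

def looks_random(stem, min_len=8, min_entropy=2.75, max_vowel_ratio=0.2):
    """Assumed heuristic, a hint only: long, high-entropy name with few vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(stem) < min_len or not letters:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    return name_entropy(stem) >= min_entropy and vowel_ratio <= max_vowel_ratio

def recent_executables(folders, days=7):
    """List (mtime, path, random_looking) for .exe/.dll files changed in the
    last `days` days, newest first. Only the top level of each folder is read."""
    cutoff = time.time() - days * 86400
    hits = []
    for folder in folders:
        try:
            entries = list(os.scandir(folder))
        except OSError:
            continue  # folder missing or unreadable: skip it
        for entry in entries:
            stem, ext = os.path.splitext(entry.name)
            if ext.lower() not in EXECUTABLE_EXTENSIONS or not entry.is_file():
                continue
            mtime = entry.stat().st_mtime
            if mtime >= cutoff:
                hits.append((mtime, entry.path, looks_random(stem)))
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    folders = [root, os.path.join(root, "System"), os.path.join(root, "System32")]
    for mtime, path, flagged in recent_executables(folders):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(stamp, "RANDOM-LOOKING" if flagged else "-", path)
```

A file that is listed but not flagged still deserves a look if its timestamp is newer than the last known software install or update.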
 