Multi Bot

[Jason]

Every time I log onto the computer, AntiSpyware
says "Multi Bot Pro" is trying to install, high threat,
would you like to remove it. I do. It then does a full
system scan and says it has found nothing. Every day
though, the item gets quarantined and then i delete it
from the quarantine.

I tried manually searching using the registry keys from
ca.com, but no luck there.

Any suggestions, thanks!

 

[Engel]

Hi Jason,


Steps to take if you have spyware that is not removed by
Microsoft Windows AntiSpyware (betª)
1) Open up AntiSpywªre
2) Click Tools at the tºp
3) Click "Submit a Suspected Spyware Repºrt"
4) Fill out the form with as much detail so they can
anªlyze quickly.


Have you tried these operations running in safe mºde?

1) Update both Microsoft Antispyware and your antivirus
applicªtion.

2B)Shut down the computer and turn off the power. Wait
for at least 30 seconds, and then restart the computer in
Safe mode or VGA mºde.

Empty your IE cache and your other temporary file
folders, eg: c:\temp, c:\windows\temp or C:\Documents and
Settings\<name>\Local Settings\Temp (the path to your
temp folder will change depending on your name) -
sometimes programmes can be hidden in there - watch out
for mysterious *.exe files or *.dll files in those
fºlders.
http://www.mvps.org/winhelp2002/delcache.htm


3) Do full deep scans with Microsoft Antispyware. Repeat
scanning until a complete scan comes through clean.
Ditto with the ªntivirus.

This isn't guaranteed, but it works for a great many
items that at first appear not to be cleaned in normal
mºde.


..
Download the following and run a thorough scan in safe
mºde:

Ad-Aware - http://www.lavasoftusa.com
http://hem.bredband.net/b288305/lavasofts_adaware_quick_st
art.htm

Spybot S&D - http://www.safer-networking.org/
http://net-integration.net/index.html

CWShredder -
http://www.intermute.com/products/cwshredder.html
Spy Sweeper - http://www.webroot.com
Ccleaner - http://www.ccleaner.com

Also check windows updates to make sure you have the
latest security patches and service packs installed :
http://windowsupdate.microsoft.com/



http://www3.ca.com/securityadvisor/pest/pest.aspx?
id=453075518

http://www.pcreview.co.uk/forums/thread-1698148.php

 

[Bill Sanderson]

I think I may have the answer to this one--courtesy of another user here who
ferreted this one out on his own system.

Drop to a command prompt.

Go to either \windows or \winnt, depending on your Windows version

Do: DIR winlogon.*

See whether what results resembles this:

Directory of E:\WINDOWS

09/24/2005 01:14 PM <DIR> winlogon.exe

Note that what you are seeing is a DIRECTORY named winlogon.exe

If you see this, you need to delete or rename this directory/folder. It
probably has a couple of files in it explaining that it was created by a
particular antivirus product as an innoculation against the host you are now
getting alerted about.

This is a false positive on the part of Microsoft Antispyware, but the
directory probably isn't doing you much good anymore--this threat is well
covered by antivirus and antispyware software, so I would recommend simply
removing the directory, which will get rid of the alerts. Neither Allow nor
Remove has any effect in this situation. Allow always might, but I strongly
recommend against that--this is a real threat, and you don't want to miss
the real thing.

 

[Guest]

I will try both and update you both (Engel and Bill).

thanks!