Rbot.gzk/genlot.kk



#1 MelT

  • Members

Posted 15 July 2007 - 10:53 AM

I am getting a virus threat detection every time I reboot my pc. My anti-virus deletes it and it seems like it immediately copies itself. I have followed the instructions from the anti-virus support page to get rid of it but it is still there. I have updated the signature files and rerun the anti-virus scan and it comes back clean, yet when I reboot it is there again. I ran BitDefender and several files have been infected with "backdoor.genlot.kk" and it says that "disinfection failed". I have run several virus scans with various anti-virus programs and also have run several spyware scans and nothing seems to get rid of this. I don't know if it is related, but for some reason I cannot get my wireless connection to stay connected for more than 3-5 minutes and I am connected even though the wireless network configuration shows that I am not. Any help is appreciated.


#2 buddy215

  • BC Advisor

Posted 15 July 2007 - 12:11 PM

Where are these infected files located? If they are only located in System Restore, let us know.

If you haven't used Super Antispyware, try it.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Starbuck

  • Malware Response Team

Posted 15 July 2007 - 02:08 PM

Hi MelT
Please read this:
http://ca.com/us/securityadvisor/virusinfo...s.aspx?id=63965
This is something not to be taken lightly.

Please follow the instructions given by buddy215 to post a Hjt log.



#4 MelT

  • Topic Starter

Posted 15 July 2007 - 10:47 PM

This is what it says when I get the notification:

7/15/2007 23:18: 09 PM File Infection: C:\Program Files\uy.exe is Win32/Rbot.GZK worm. Deleted
7/15/2007 23:18: 12 PM File Infection: C:\Program Files\uy.exe is Win32/Rbot.GZK worm.
7/15/2007 23:18: 14 PM File Infection: C:\Program Files\uy.exe is Win32/Rbot.GZK worm.

How can I tell other than the program files\uy.exe where they are located?

I have CA Security Suite and have updated signature files and followed their instructions for removal.

I will try the suggestions from buddy and post the results.

Thanks
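
Added example, not part of any post in this thread: the alerts quoted in post #4 show the same path detected again seconds after a "Deleted" action, which suggests something still running is rewriting the file. The sketch below parses lines in that layout and counts such re-detections; the layout is inferred only from the three quoted lines, the fourth sample line is constructed, and the names `parse` and `respawned` are hypothetical.

```python
import re
from datetime import datetime, timedelta

# First three lines are the alerts quoted in the post above; the fourth is constructed.
SAMPLE_LOG = r"""
7/15/2007 23:18: 09 PM File Infection: C:\Program Files\uy.exe is Win32/Rbot.GZK worm. Deleted
7/15/2007 23:18: 12 PM File Infection: C:\Program Files\uy.exe is Win32/Rbot.GZK worm.
7/15/2007 23:18: 14 PM File Infection: C:\Program Files\uy.exe is Win32/Rbot.GZK worm.
7/15/2007 23:40: 02 PM File Infection: C:\Temp\sample.tmp is Example/Test.A worm. Deleted
"""

# Assumed line layout, inferred only from the quoted alerts: date, 24-hour time
# (with a stray space and AM/PM marker), path, detection name, optional action.
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<h>\d{1,2}):(?P<m>\d{2}):\s*(?P<s>\d{2})(?:\s+[AP]M)?\s+"
    r"File Infection:\s+(?P<path>.+?)\s+is\s+(?P<name>\S+)\s+\w+\."
    r"\s*(?P<action>\w+)?\s*$"
)

def parse(log):
    """Return (timestamp, lowercased path, detection name, action or None) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blanks and lines in another format
        month, day, year = map(int, m["date"].split("/"))
        ts = datetime(year, month, day, int(m["h"]), int(m["m"]), int(m["s"]))
        events.append((ts, m["path"].lower(), m["name"], m["action"]))
    return events

def respawned(events, window=timedelta(seconds=60)):
    """Count detections of a path seen within `window` after that path was deleted."""
    last_delete, hits = {}, {}
    for ts, path, _name, action in sorted(events, key=lambda e: e[0]):
        deleted_at = last_delete.get(path)
        if deleted_at is not None and timedelta(0) < ts - deleted_at <= window:
            hits[path] = hits.get(path, 0) + 1
        if action and action.lower() == "deleted":
            last_delete[path] = ts
    return hits

if __name__ == "__main__":
    for path, count in respawned(parse(SAMPLE_LOG)).items():
        print(f"{path}: re-detected {count}x after deletion; something is rewriting it")
```

A path that shows up here points to a running process or startup entry that recreates the file, so the scanner's delete alone does not clean the machine.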

#5 buddy215

  • BC Advisor

Posted 16 July 2007 - 07:26 AM

MelT's Hijack This log is here:
http://www.bleepingcomputer.com/forums/ind...mp;#entry570479

Couple of suggestions--Don't bump your log--wait for a response from the Hijack This team.

If the Hijack This Team has NOT replied in 5 days after you posted your log, see info in link below.
http://www.bleepingcomputer.com/forums/topic14717.html



#6 MelT

  • Topic Starter

Posted 18 July 2007 - 12:52 AM

When I run the various programs, I notice during the scan, a lot of LimeWire files that I have no clue what they are. Several movie files that I have never even heard of. Yet when I search my system I cannot find the files. Should I be concerned about information used for online bill pay? I have thought about doing a full system recovery. Do you think that is extreme? I found a dllhost.exe file running, I ran msconfig and it was in the start up. I clicked it off and rebooted, but it was still running and it was on again in the msconfig startup. I located a file in the documents and settings folder and deleted it. I rebooted and I did not get the Rbot infection notification. Could that dllhost.exe file be the cause of the Rbot?

Thanks
Mel. T.

Edited by MelT, 18 July 2007 - 01:46 AM.


#7 Starbuck

  • Malware Response Team

Posted 18 July 2007 - 03:08 AM

Hi MelT
As you have already submitted a Hjt log, please don't alter anything on your pc until a team member contacts you.
Any changes you make will alter your log, and the team member won't have all the information they need.
