
Win32.RBot worm


#1 kikkertje


  • Members
  • 14 posts
  • Local time:10:19 AM

Posted 11 May 2005 - 06:54 AM

I've been having problems with my computer for weeks now. The very first thing was that it had totally blocked. I had to format and re-install XP. After having that done I ran an anti-virus program which discovered a worm. It had fixed the problem, or so it said.

I went to the msconfig and checked the reboot tab (I don't know what it's called in the English version), there I found these suspicious .exe files: kav32, snapple, winregs326a and systemreg. A search on Google told me it was a variant on the Win32.RBot worm (everything but the snapple I believe).

I ran an online scan with something called eTrust, but I forgot how I found it. It discovered three variants: Win32.RBot.CC2, Win32.RBot.BVE and Win32.RBot.CFV. It was unable to delete or cure them. They were in the TFTP file in my system32 folder. I also forgot to write down which ones, and there appear to be a lot of TFTP files there.

Is there any removal tool? I'm practically a geek and if I have to mess around with registry keys/files whatever, I'll need a very good step-by-step guide...

I'm going to post this on HijackThis.

Edited by kikkertje, 11 May 2005 - 07:42 AM.



#2 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:09:19 AM

Posted 11 May 2005 - 08:11 AM

Run these online virus scanners:

If that doesn't help, then:

Read the pinned post in the HijackThis forum, here
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.