
Win32.RBot worm



#1 kikkertje


Posted 11 May 2005 - 06:54 AM

I've been having problems with my computer for weeks now. The very first thing was that it had totally blocked. I had to format and re-install XP. After having that done I ran an anti-virus program which discovered a worm. It had fixed the problem, or so it said.

I went to msconfig and checked the reboot tab (I don't know what it's called in the English version); there I found these suspicious .exe files: kav32, snapple, winregs326a and systemreg. A search on Google told me it was a variant of the Win32.RBot worm (everything but the snapple, I believe).

I ran an online scan with something called eTrust, but I forgot how I found it. It discovered three variants: Win32.RBot.CC2, Win32.RBot.BVE and Win32.RBot.CFV. It was unable to delete or cure them. They were in the TFTP file in my system32 folder. I also forgot to write down which ones, and there appear to be a lot of TFTP files there.

Is there any removal tool? I'm practically a geek and if I have to mess around with registry keys/files whatever, I'll need a very good step-by-step guide...


I'm going to post this on HijackThis.

Edited by kikkertje, 11 May 2005 - 07:42 AM.



#2 tg1911


Posted 11 May 2005 - 08:11 AM

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

If that doesn't help, then:

Read the pinned post in the HijackThis forum, here
Please read, and follow, all directions carefully.

Then run a log and post it in the HJT forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please be patient; these people are volunteers. They will help you out as soon as possible.

NOTE:
Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So just make your post and let it sit there until a team member responds. This way you will be taken care of in the most timely manner.