Wootbot.ao Virus Got Any Recommendations?


6 replies to this topic

#1 Warzone Sports

Posted 11 August 2006 - 09:15 PM

I have a "System Idle Process" running in my task manager. I searched and found it is the WOOTBOT.AO virus. Norton has nothing on this damn thing. How do I get rid of it? Any ideas? :thumbsup:

Thanks
-WZS

Edited by Warzone Sports, 11 August 2006 - 09:23 PM.




#2 Orange Blossom


Posted 11 August 2006 - 09:42 PM

Two questions: where did you do your searching? What specifically did you do to find out that it is in fact Wootbot.ao or that you have Wootbot.ao on your computer?

Reason I ask is that System Idle Process is a legitimate Windows program. Please read the following for what this process does and what happens when it's blocked: http://www.answers.com/topic/system-idle-process. The answers to the questions I asked will help others help you if your computer is infected.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 11 August 2006 - 09:43 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 tg1911


Posted 11 August 2006 - 10:38 PM

WORM_WOOTBOT.AO

Manual removal instructions for WORM_WOOTBOT.AO

Edited by tg1911, 11 August 2006 - 11:25 PM.

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#4 Warzone Sports


Posted 12 August 2006 - 10:58 AM

"Two questions: where did you do your searching?"


Hmm,

I did a Google search and found a lot of hits about it being a virus and one of the warnings came from this site. That is why I posted here. I just found it unusual that Symantec had no record of this thing.

What sparked my search in the process window was the fact that my computer is now really slow. So, I looked up to see what process was using the most resources and it was System Idle Process. I had no other programs open and it was hitting like 98 to 99%.

I tried what TG posted but I am not finding the stemidle.exe anywhere in the registry.

Something strange is going on for sure. :thumbsup:

-WZS

#5 tg1911


Posted 12 August 2006 - 12:46 PM

What version of Windows are you using?

*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.


"and one of the warnings came from this site."

Did you follow the link at the bottom of the entry in the Startup Programs Database (stemIdle.exe)?
How to remove a Trojan, Virus, Worm, or other Malware

Edited by tg1911, 12 August 2006 - 12:53 PM.


Become a BleepingComputer fan: Facebook
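
Added example (not part of any post in this thread): a PowerShell check for the two things posts #4 and #5 were looking for, a startup entry or a running process named stemIdle.exe, kept separate from the built-in System Idle Process, which is PID 0 and whose high CPU percentage means the CPU is idle. The list of registry keys is an assumption (standard Windows autostart locations), not taken from the removal instructions linked above.

```powershell
# File name taken from the thread; everything else here is an added example.
$target = 'stemIdle.exe'

# Assumption: standard Windows autostart keys, not the list from the
# vendor's removal instructions.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Collect every autostart value whose data mentions the target file name.
$hits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # key may not exist on this OS
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -like "*$target*") {
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data }
        }
    }
}

# Running processes with the same image name (process names omit ".exe").
$procName = [IO.Path]::GetFileNameWithoutExtension($target)
$procs = @(Get-Process | Where-Object { $_.ProcessName -eq $procName })

# The built-in idle process always has PID 0 and has no file on disk.
$idle = Get-Process -Id 0
"Built-in idle process: $($idle.ProcessName) (PID $($idle.Id))"

if ($hits) { $hits | Format-List }
else { "No autostart value references $target" }

if ($procs.Count) { $procs | Select-Object Id, ProcessName, Path }
else { "No running process named $target" }
```

An empty result only means these locations do not reference that file name; it does not rule out other autostart locations or a differently named copy.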

#6 Warzone Sports


Posted 13 August 2006 - 12:53 AM

Thanks Boogalee,

I am using Windows XP. I will look into your recommendations. Symantec was a fat lot of help. They offered to fix the problem for $99.95 and "Mujabar" at support said it would be corrected.

Norton just dropped way down on my list of credibility since they had no record of this virus in the first place.

I'll post my results.

Thanks,

-WZS

#7 quietman7


Posted 13 August 2006 - 06:31 AM

In addition to tg1911's instructions, I also recommend that you download and scan with the free F-Bot Cleaner Tool.
1. Unzip (extract) the F-Bot utility from the ZIP archive. Read "How to create/extract a ZIP File in Win XP" if unsure how to do this.
2. Run F-Bot.exe by either double-clicking on it or start from COMMAND.COM or CMD.EXE by typing: "F-Bot.exe" at the command prompt and pressing 'Enter'.
3. Reboot the system.

Note: The F-Bot tool unpacks several files into a temporary folder on a hard drive. These files are not deleted after the tool finishes cleaning a computer. The unpacked files can be deleted manually any time after disinfection. See the Readme File located in the zip folder for further details.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
