Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/malum.amqu


  • Please log in to reply
2 replies to this topic

#1 Myself

Myself

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 24 February 2007 - 01:31 PM

I have the Zone Alarm security suite and was using the antivirus scanner when it found "Win32/Malum.AMQU". It said the risk was high but it was unable to remove the virus itself and offered no further steps. So I decided I'd take my problem to this community. You guys have been a great help in the past. I’ve always recommend this website to friends. Thanks in advance to anyone who offers their assistance or advice concerning this issue!
-Myself

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:54 AM

Posted 24 February 2007 - 01:48 PM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

Post a Hijack This log in the appropriate forum by following the directions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:06:54 AM

Posted 24 February 2007 - 02:01 PM

Also known as Win32/Malum.BHV, Win32.Malum.BHV, Backdoor.MS03-026 Exploit.Trojan (InoculateIT), Backdoor.MS03-026_Exploit!Trojan (InoculateIT), Win32/Rbot.SP (Eset), W32/Spybot.WE (F-Secure), Backdoor.Win32.Rbot.aeu (Kaspersky)


Win32.Rbot.DUA is an IRC controlled backdoor (or "bot") that can be used to gain unauthorized access to a victim's machine. It can also exhibit worm-like functionality by exploiting weak passwords on administrative shares and by exploiting many different software vulnerabilities, as well as backdoors created by other malware. There are many variants of Rbot, and more are discovered regularly. Rbot is highly configurable, and is being very actively developed, however the core functionality is quite consistent between variants.


IMPORTANT NOTE: Backdoor Trojans are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider all your passwords to be compromised. They should be changed by using a different computer and not the infected one. Do not change passwords or do any transactions while using the infected computer because an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breech.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users