W32/Rbot-AA Worm

Richard Oliver

Running WinXP Home Edition
W32/Rbot-AA seems to prevent any anti virus programs (F-Prot or AVG)
from running either in normal or safe mode.
Help much appreciated, Richard
 
1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt186.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave





| Running WinXP Home Edition
| W32/Rbot-AA seems to prevent any anti virus programs (F-Prot or AVG)
| from running either in normal or safe mode.
| Help much appreciated, Richard
 
Thank you so much Dave---not sure what I would do without people such as
yourself--or programs such as Trend.

All went well except that the url for the disable sysrestore doc did not
help. Anyway managed to sort the disable thingy out using resrui.exe in
the system32 file.
The first scan found 17 viruses.

After the second Trend scan which found SDBOT-UM (clean-failed
and Move--failed), I ran AVG which picked up 6 infected files and
healed 5 leaving one virus still on drive in
C:\Windows\system32\Internet.exe.

I am not sure what this file does so am leaving alone until I find out
!!!!!

Thanks again, Richard
 
1) Download the following item...

Adaware SE
http://www.lavasoftusa.com/

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using Adaware SE, perform a Full Scan of your platform and clean/delete
any parasites found.
5) Restart your PC and perform a "final" Full Scan of your platform using Adaware
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave





|
| Thank you so much Dave---not sure what I would do without people such as
| yourself--or programs such as Trend.
|
| All went well except that the url for the disable sysrestore doc did not
| help. Anyway managed to sort the disable thingy out using resrui.exe in
| the system32 file.
| The first scan found 17 viruses.
|
| After the second Trend scan which found SDBOT-UM (clean-failed
| and Move--failed), I ran AVG which picked up 6 infected files and
| healed 5 leaving one virus still on drive in
| C:\Windows\system32\Internet.exe.
|
| I am not sure what this file does so am leaving alone until I find out
| !!!!!
|
| Thanks again, Richard
|
|
|
| On Mon, 04 Oct 2004 20:48:30 GMT, "David H. Lipman"
|
| >1) Download the following two items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > Latest Trend signature files.
| > http://www.trendmicro.com/download/pattern.asp
| >
| >Create a directory.
| >On drive "C:\"
| >(e.g., "c:\New Folder")
| >or the desktop
| >(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| >
| >Download sysclean.com and place it in that directory.
| >Download the signature files (pattern files) by obtaining the ZIP file.
| >For example; lpt186.zip
| >
| >Extract the contents of the ZIP file and place the contents in the same directory as
| >sysclean.com.
| >
| >2) If you are using WinME or WinXP, disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| >3) Reboot your PC into Safe Mode
| >4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
| > clean/delete any infectors found
| >5) Restart your PC and perform a "final" Full Scan of your platform
| >6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
| > System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
| >7) Reboot your PC.
| >8) If you are using WinME or WinXP, create a new Restore point
| >9) Please report back your results
| >
| >Dave
| >
| >
| >
| >
| >
| >| >| Running WinXP Home Edition
| >| W32/Rbot-AA seems to prevent any anti virus programs (F-Prot or AVG)
| >| from running either in normal or safe mode.
| >| Help much appreciated, Richard
| >
|
 
Thank you Dave and Erwin for your kind assistance----all viruses cleaned
out, system up and running and Adaware and AVG updated.
Will also add Outpost Firewall for good measure.
Kind regards, Richard
 