Author Topic: W32-Forbot [worm] (Read 3224 times)

jmsrt · « **on:** October 13, 2004, 03:17:26 AM »

Hello
Avast family 4.1.418 can't detect and erase Forbot worm ( 1 process crsrs.exe, and 5 entries in registry ). I have to detect and erase it by myself. Memory test doesn't detect the process. After 3 normal complete scans and 2 scans before windows starting : no detection !!
Why ?
Sophos knows Forbot since 27 september ...

jmsrt · « **Reply #1 on:** October 13, 2004, 03:39:40 AM »

hello bis
Windows XP pro sp1 + all updates
1 process system and/or user " crsrs.exe "
1 file crsrs.exe in windows\system32
1 file crsrs.exe in windows\prefetch
registry crsrs.exe in :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

whocares · « **Reply #2 on:** October 13, 2004, 12:06:27 PM »

Hi,

which VPS-version do you use.. ?

please send any files you deem related to the worm to
virus (at) avast.com

Best in a password-protected ZIP- or RAR-archive; include problem/system description & archive-password in the mailtext..

Eddy · « **Reply #3 on:** October 13, 2004, 12:08:35 PM »

What are the settings in Avast you are using?

forbot aka's:
Gaobot
SdBot
RBot

It could be a new variant that Avast not (yet) detects.

Author Topic: W32-Forbot [worm] (Read 3224 times)

jmsrt

W32-Forbot [worm]

jmsrt

Re:W32-Forbot [worm]

whocares

Re:W32-Forbot [worm]

Eddy

Re:W32-Forbot [worm]