Author Topic: Rbot_P2  (Read 3992 times)

0 Members and 1 Guest are viewing this topic.

Daddy-Martin

  • Guest
Rbot_P2
« on: May 12, 2005, 01:19:09 AM »
Greetings all!
First, thanks to the developers for this site and your products. I won't bore you with the McAfee debacle.

I went to Spyware Search and Destroy (Rounds of Applause for them too!)
obtained, their product, and found the following results:

70tovmto.exe C:\windows  ...  Win32:Trojan-gen. {VC}
EDowPack.exe C:\Temp ... Win32Trojan-gen.{UPXC}
q1719a4j.exe C:\Windows\system32 ... Win32Trojan.gen. {VC}
QH4MKBV9.DLL C:\Windows\SYSTEM32 ... Wind32:Adhooker {Trj}
TFTP3624 C:\Windows\system32 ... Win32:Rbot_P2, or maybe PZ {Trj}

Since that scan I went to the WindowsXP site and obtained the beta version of AntiSpyware and ran it as instructed.

I didn't save the results, but they indicate that 3 files were repaired.

Can someone help?  I'm good at following instructions, and not afraid to make decisions or follow instructions on strange, never-before seen screens in files in the depths of my computer's consciousness.

that said, I assume I know nothing.  ;)
Thanks!

I believe that my PC is still infected with something.  at times, when I mouse my pointer over the paired monitors near my clock on the task bar, I notice that the number of bytes sent exceeds the number received exponentially.  Having paid attention to this before (during dial up days while waiting and waiting...for downloads) I suspect that one of these malicious things is pirating my dsl connection to go to some site called "olymipcz.net" ; being so bold as to attempt connection to this site on start up without my consent or a simple "by your leave" (That's the standard of southern courtesy, when you can find it).

avast scans with 0519-1 05/10/05 show no virus infection.

I don't know how to get to the results of my last SpyWare S&D.  but I know something is there, lurking, ready to commandeer my pc again.

Please help!

does anyone know how many Trojans I have, if I have any other kind of malicious software, and what I might do to disempower them and disengage them from my pc and from my life.  I've been working on this since Sunday afternoon 5 PM Eastern Daylight Time in North America.

I live outside of Atlanta, in Decatur. 

BTW, I run WindowsXP Home Edition, not updated with SP1 or 2 since the last crash and re-installation of XP.
I'm running an AMD 1700 Athlon processor with a new mother board from about a year and a half ago over AT&T standard DSL connection.

I have to manually reinstall the sound drivers when I reinstall XP.  Hmmm.

Best to all y'all!

Martin

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: Rbot_P2
« Reply #1 on: May 12, 2005, 04:18:53 AM »
Martin, if avast and SpyBot Search and Destroy did not detect anything... (I suppose you cleaned the infections detected by Spybot).
I can't see that the PC is still infected...
Maybe you can schedule a boot time scanning with avast and a logon time scanning with SpyBot.
Running Ad-aware scanning won't hurt either. To schedule an avast boot-time scanning: Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives. Boot.

You could try on-line scanning and report what you get.
See: http://www.mwti.net/antivirus/mwav.asp or http://www.security-ops.tk

Other: TrendMicro Housecall, Bit DefenderF-Secure (ActiveX required).
« Last Edit: May 12, 2005, 04:23:05 AM by Technical »
The best things in life are free.

DukeNukem

  • Guest
Re: Rbot_P2
« Reply #2 on: May 12, 2005, 11:53:14 AM »

BTW, I run WindowsXP Home Edition, not updated with SP1 or 2 since the last crash and re-installation of XP.


You should get SP2 and install it using this method,

http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp

Are you using a firewall?

Daddy-Martin

  • Guest
Re: Rbot_P2
« Reply #3 on: May 18, 2005, 04:22:07 PM »
Thanks for the suggestions posted here.
over the last week I've discovered some things:
first, when I replaced the damaged sound card on my motherboard 18 months ago I received a cd with the drivers for it and installed them.  At that time, McAfee virus scan did NOT notice that the disc was infected.   :-X

so when I attempted to reinstall the drivers after reinstalling xp Avast found the trojans on the disc.  at DriversHQ I subscribed and was able to locate the manufacturer so I could download the drivers I need.  Unfortunately, I am still without sound, either from system (windows default sound scheme) or from music cds.  I expect this to get fixed when I do the slipstream reinstall later today.

the first attempt at the slipstream reinstall was not successful, but I didn't install and run ISOBuster exactly as directed.  I will do that this time. (trifocal eyeglasses make life interesting some times.)

When I run SpyBot, it shows me infected with DyFuCA and n-Case and is unable to remove them.  could it be that they are in the Avast chest and therefore detectable but not removable?

I also downloaded Microsoft antispyware beta version.  and Zone Alert, and Diamond TDS, and No Adware, and SpyBlaster.  perhaps I'm overprotected.

my plan for post reinstallation is to only install Avast, TDS, ms antispy, and ZoneAlert.

With all that I have installed now, I am unable to access my work email through webnotes.  also, some of my premium websites (of adult nature   :o ) won't work correctly - the message function in particular.

Thanks again for the the information presented here in response to my question.  it's tough when one can only post once per day, but that has allowed me time to try things and learn (I hope) about this tool on which I depend for so much.

Best regards to all!