Topic: Windows update and trojans


Flutje

  • Guest
Windows update and trojans
« on: December 11, 2004, 06:25:07 PM »
Hello!

I need some help. I just bought a new PC and installed Windows 2000 Pro. While doing an update of the security issues that are present in Windows 2000 on the Windows update page I keep getting warnings from Avast (by the way I love the program. I tried all sorts but this is the best).

After getting the following three warnings I stopped the update.
12/11/2004 5:55:09 PM   SYSTEM   536   Sign of "Win32:Rbot-Q [Trj]" has been found in "C:\WINNT\system32\TFTP1484" file.  
12/11/2004 6:00:20 PM   SYSTEM   536   Sign of "Win32:Rbot-HI [Trj]" has been found in "C:\WINNT\system32\TFTP1540" file.  
12/11/2004 6:09:15 PM   SYSTEM   536   Sign of "Win32:Rbot-EE [Trj]" has been found in "C:\WINNT\system32\TFTP1116" file.  

I assume these are true Trojans and not some mistake in Avast?
I tried searching on Google for these Trojans but found only three references, which weren't useful.

Any advice?

Regards,
Martin

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Windows update and trojans
« Reply #1 on: December 11, 2004, 06:28:59 PM »
Submit the files to JOTTI and tell us what it says.

Flutje

  • Guest
Re:Windows update and trojans
« Reply #2 on: December 11, 2004, 07:24:37 PM »
I couldn't do a check of the previous files because as soon as Avast detected them I had them deleted by Avast. But I was sure there would be more if I continued updating, and yes, there they were.

12/11/2004 7:13:11 PM   SYSTEM   536   Sign of "Win32:Rbot-EE [Trj]" has been found in "C:\WINNT\system32\winole.exe" file.  

I uploaded this one to JOTTI and here is what it says:
File:  winole.exe  
Status:  INFECTED/MALWARE  
Packers detected:  MOLEBOX
   
AntiVir  Worm/RBot.RT (0.20 seconds taken)
Avast  Win32:Rbot-EE (3.01 seconds taken)
BitDefender  Backdoor.Rbot.RP (0.34 seconds taken)
ClamAV  Trojan.Spybot-79 (0.34 seconds taken)
Dr.Web  Win32.HLLW.MyBot (0.50 seconds taken)
F-Prot Antivirus  W32/Spybot.AWJ (0.06 seconds taken)
Kaspersky Anti-Virus  Backdoor.Win32.Rbot.gen (0.62 seconds taken)
mks_vir  Trojan.Rbot.Gen (0.20 seconds taken)
NOD32  Win32/Rbot.AEF (0.37 seconds taken)
Norman Virus Control  No viruses found (4.77 seconds taken)

Offline Eddy

Re:Windows update and trojans
« Reply #3 on: December 11, 2004, 07:52:25 PM »
Let me guess, you went online without having av software installed and a firewall.

Click on the link in my signature and follow the instructions as explained in the malware removal section to make sure your system is clean.

Flutje

  • Guest
Re:Windows update and trojans
« Reply #4 on: December 11, 2004, 08:47:48 PM »
Well you are not completely right. I went on-line with avast installed (I thought I also installed Zonealarm but am not sure now). I did an update and then installed Zonealarm.

I will do a fresh install of Windows again and first install Zonealarm and Avast and then install my internet connection software and see what happens with the update of Windows.

I'll be back in half an hour to report.

Martin

Flutje

  • Guest
Re:Windows update and trojans
« Reply #5 on: December 12, 2004, 12:10:05 AM »
Although I redid a clean install (again) I needed to scan my system with Ad-Aware and Spybot and had to remove a lot of junk (strange, I wouldn't have expected this seeing as it was a clean install).
I also needed to run the two programs after every Windows update and remove a lot of junk, but I am still virus free and Windows is completely updated :)

I am used to working with Windows '98 and I found this system of updating and scanning with Ad-Aware so I wouldn't get trojans on my system very strange.

It's just something I need to get used to, apparently.

Thanks for the help and quick response! It's appreciated!!!

Martin