Yesterday
Posted by Dave Budd on October 14th, 2004


I was checking out a machine yesterday, and Stinger spotted Serv-U and
removed it. Then Sophos's SAV32CLI (update with IDEs up to 10:00 that
day) from SafeModeWithCommandPrompt found nothing. But I could still see
something called rBot.exe in Task Manager, which I didn't like the look
of. Got rid of it eventually by searching the entire registry for it:
about 5 places, iirc - and deleting all the keys. VirusScan7 with 4397
didn't spot it either.
So, there may be a version of RDbot or SDbot or... out there which is
just slightly ahead of some of the major antivirus tools.
As so often happens, I didn't take a copy to send in for analysis. Oops.
--
Juggle (verb, transitive): To tease gravity [with <i>object[s]</i>]
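
The registry search described in the post above can also be run against a `regedit` text export instead of by hand. This is an added example, not part of the original thread; the key names, value names and paths in the sample are constructed, and it only reports matches, it does not delete anything.

```python
import re

# Constructed sample in the text format regedit writes on export (not data from
# the machine in the post). The second value is REG_EXPAND_SZ, which regedit
# writes as hex(2) UTF-16LE bytes, so a plain text search for the name misses it.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\system32\\rBot.exe"
"Tray"="C:\\Program Files\\Example\\tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Updater"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,72,00,\
  42,00,6f,00,74,00,2e,00,65,00,78,00,65,00,00,00
'''

VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def find_references(export_text, needle):
    """Return (key, value name, decoded data) for each value that mentions needle."""
    # Long hex values are wrapped with a trailing backslash; join them first.
    text = re.sub(r",\\\r?\n\s*", ",", export_text)
    hits, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if m is None or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        raw = m.group(2)
        if raw.startswith('"'):
            # REG_SZ: undo the \\ and \" escaping used inside quoted strings.
            data = re.sub(r"\\(.)", r"\1", raw[1:-1])
        elif raw.startswith(("hex(2):", "hex(7):")):
            # REG_EXPAND_SZ / REG_MULTI_SZ: comma-separated UTF-16LE bytes.
            blob = bytes.fromhex(raw.split(":", 1)[1].replace(",", ""))
            data = blob.decode("utf-16-le", "replace").replace("\x00", " ").strip()
        else:
            continue  # dword and binary values are not decoded here
        if needle.lower() in data.lower():
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_EXPORT, "rBot.exe"):
        print(f"{key}\n    {name} = {data}")
```
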

Posted by Janus on October 14th, 2004


In article <MPG.1bd8477d5a55ecce989ba9@localnews.mcc.ac.uk> ,
ddotbudd@man.ac.uk says...

....<snip>...
Spybots are not viruses. Therefore, AV programs do not deal with them,
usually. In addition to an AV program, it is a very good idea to run a
spybot detector or two. My machines are covered by F-Prot (AV), Ad-
Aware, from lavasoft and Spy-bot S&D. Updated and used regularly...

The latter two, btw, are available in basic forms for free.

hth

cel


Posted by David H. Lipman on October 14th, 2004


1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (personal free version)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt194.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point
10) Please report back your results

Dave





"Dave Budd" <ddotbudd@man.ac.uk> wrote in message
news:MPG.1bd8477d5a55ecce989ba9@localnews.mcc.ac.uk...
| I was checking out a machine yesterday, and Stinger spotted Serv-U and
| removed it. Then Sophos's SAV32CLI (update with IDEs up to 10:00 that
| day) from SafeModeWithCommandPrompt found nothing. But I could still see
| something called rBot.exe in Task Manager, which I didn't like the look
| of. Got rid of it eventually by searching the entire registry for it:
| about 5 places, iirc - and deleting all the keys. VirusScan7 with 4397
| didn't spot it either.
| So, there may be a version of RDbot or SDbot or... out there which is
| just slightly ahead of some of the major antivirus tools.
| As so often happens, I didn't take a copy to send in for analysis. Oops.
| --
| Juggle (verb, transitive): To tease gravity [with <i>object[s]</i>]


Posted by Dave Budd on October 14th, 2004


In article <MPG.1bd81e3c5abd6e64989692@news.magma.ca>,
janusNOSPAM@PLEASEmagma.ca says...
Did I mention Spybots? No.
Did I mention the commonly used names of a couple of virus families?
Yes.
Did I run both SpyBotS&D and Lavasoft's Ad-Aware? Yes.
Did they find the particular thing I'm talking about in my post? No.
Thanks for playing.
--
Juggle (verb, transitive): To tease gravity [with <i>object[s]</i>]

