Backdoor.Win32.Rbot.gen

Discussion in 'malware problems & news' started by lynchknot, Oct 8, 2004.

Thread Status:
Not open for further replies.
  1. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    escan free found this - verified by running KAV 4.5 as well - So I sent to "infected" folder but when I use msconfig at run, it still works. Is there something I should know? Thanks.
     
    lynchknot, Oct 8, 2004
    #1
  2. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Mods please move as I have posted in wrong forum. Thank you.
     
    lynchknot, Oct 8, 2004
    #2
  3. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    You need to delete the autorun entry for this worm and reboot. Make sure you got rid of the worm by doing a scan in Safe Mode if possible.

    The common autrorun entry-points in your registry are:

    HKLM\Software\Microsoft\Windows\Run
    HKLM\Software\Microsoft\Windows\RunOnce
    HKCU\Software\Microsoft\Windows\Run
    HKCU\Software\Microsoft\Windows\RunOnce

    where:

    HKLM stands for HKEY_LOCAL _MACHINE
    HKCU stands for HKEY_CURRENT_USER

    You can use RegEdit in Normal or Safe Mode: Start, Run, RegEdit

    or you can get a handy startup-manager like CodeStuff Starter to do this {delete these autostart entries if they exist}. Good Luck! ;)
     
    Randy_Bell, Oct 9, 2004
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...