Backdoor.Win32.Rbot.gen

Discussion in 'malware problems & news' started by lynchknot, Oct 8, 2004.

Thread Status:
Not open for further replies.
  1. lynchknot

    lynchknot Registered Member

    eScan free found this - verified by running KAV 4.5 as well - so I sent it to the "infected" folder, but when I use msconfig at run, it still works. Is there something I should know? Thanks.
     
  2. lynchknot

    lynchknot Registered Member

    Mods, please move, as I have posted in the wrong forum. Thank you.
     
  3. Randy_Bell

    Randy_Bell Registered Member

    You need to delete the autorun entry for this worm and reboot. Make sure you got rid of the worm by doing a scan in Safe Mode if possible.

    The common autorun entry points in your registry are:

    HKLM\Software\Microsoft\Windows\Run
    HKLM\Software\Microsoft\Windows\RunOnce
    HKCU\Software\Microsoft\Windows\Run
    HKCU\Software\Microsoft\Windows\RunOnce

    where:

    HKLM stands for HKEY_LOCAL_MACHINE
    HKCU stands for HKEY_CURRENT_USER

    You can use RegEdit in Normal or Safe Mode: Start, Run, RegEdit

    or you can get a handy startup-manager like CodeStuff Starter to do this {delete these autostart entries if they exist}. Good Luck! ;)
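
An added example, not part of the thread or any poster's own code: a PowerShell listing of every autostart value under the Run and RunOnce keys, so the entry to delete can be identified before it is removed. It uses the keys' full paths under `CurrentVersion`; the function names `Get-CommandImagePath` and `Get-AutorunEntry` are hypothetical.

```powershell
# Added example: review Run/RunOnce autostart values before deleting one.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandImagePath {
    # Pull the program path out of an autostart command line.
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }          # "C:\path\app.exe" args
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') {   # unquoted, may hold spaces
        return $Matches[1]
    }
    return ($expanded -split '\s+')[0]
}

function Get-AutorunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw string so %VAR% references stay visible in the report.
            $command = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $image   = Get-CommandImagePath $command
            $onDisk  = $image -and (Test-Path -LiteralPath $image -PathType Leaf)
            # A bare file name (no directory) is reported as Unresolved, not as missing.
            $sig = if ($onDisk) {
                (Get-AuthenticodeSignature -LiteralPath $image).Status
            } else { 'Unresolved' }
            [pscustomobject]@{
                Key = $key; Name = $name; Command = $command
                Image = $image; Signature = $sig
            }
        }
    }
}

Get-AutorunEntry | Format-List

# Once the value is identified, preview the deletion first (placeholder value name):
# Remove-ItemProperty -LiteralPath 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' `
#     -Name '<value name>' -WhatIf
```

Entries whose image is unsigned or unresolved are the ones to compare against the scanner's detection path; drop `-WhatIf` only after confirming the value name.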
     