Results 1 to 2 of 2

Thread: malware/virus problems, is this zotob or rbot virus? please help

  1. #1
    mzbettie Guest

    Default malware/virus problems, is this zotob or rbot virus? please help

    After rebuilding my computer for the 3rd time, I get to looking through program control in zonealarm.
    I see a file named: This is file.
    I look at the properties and for file version it says Nifty New Software, Special build feild says Secret Sauce.
    I know this is not a valid program so I kill the process.
    Part of my programs are in German and some type of characters, look like Arabic and are little boxes.
    Many of these programs are supposed to be running but they are corrupt.
    Something
    called Keyhook is on there, it seem legit.
    I had rebuild my computer and when I updated with microsoft, security warning from zonealarm popped up saying changes were being made to my system.
    Because I am downloading all updates I figure well that makes sense because the updates would change system files.
    The changes have to do with system 32 and also my drivers.
    Whenever my computer restarts it asks me to allow some type of change with
    files in system and it says these files will change each time the computer restarts, some I do allow and some I deny because they look wrong.
    Is this where I started to make mistakes?
    I also checked the properties against the security advisor, the
    warnings I did allow
    seemed legit so I didn't think anything of it at that time.
    Then I look through program control and kill a process called
    wkkillup.exe.
    In the properties it says it is a system 32 file but the name sounds wrong.

    At first I thought it was a legit program because I could find nothing on it, so I uninstalled zonealarm and put some other trial security suites on it, like CA & Liveonecare.
    My computer acted worse.
    I reinstalled Zonealarm because I felt it at least worked part of the time.
    I have searched online for wkkillup.exe and called Microsoft Virus support like 5 times and they say not to worry until malware scanner or
    virus scan catches something.
    They say Zonealarm is taking up all my system resources but even when it is uninstalled my computer is slow and acts strange.
    Finally I found info saying that wkkillup.exe is either a Rbot virus or Zotob.
    I am concerned because my computer will not run correctly.
    I am on a wireless network and if this is zotob/rbot then I am afraid it will infect the other computers in the house.
    When I try to open a program, like 5 windows pop up at the same time then icons disapeer and reappear.
    Then later on it will be fine again, as if nothing is wrong, but the computer is so slow that it will barely run.
    Sometimes when my computer shuts down there will be several error messages.
    One in particular, about MSN messenger, I always had it disabled in IE7 but now an icon pops up like I have been using it.
    I even went into add/remove components for XP and uninstalled MSN messenger and it still comes on and asks me to log in.
    I have never used it in my lifetime.
    Part of the time in my
    windows firewall, which is
    not disabled and running the same time as zonealarm, there are files that pop up, one is something like @p2sp, then it disappears on it's own.
    I
    try to use Grisoft virus removal tool and it shuts down.
    Every tool I use shuts down.
    Can someone tell me anything to help or at least tell me what they think might be happening?
    Any help is greatly appreciated.









    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    jdoliver Guest

    Default Re: malware/virus problems, is this zotob or rbot virus? please help

    I am NOT a guru or PC expert but here are some questions and a suggestion.
    1. Does "rebuild" your computer include formatting the Hard Drive?
    2. If you are restoring files from backup, have you done a scan of the backup disk before doing restores?
    3. You might try the free scan at www.prevx.com which uses a method not based on signature files.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •