Thread: Dell Tuneup program detected a worm called Rohbot but...

  1. #1
    rssddsc Guest

    Dell Tuneup program detected a worm called Rohbot but...

    Dell Tuneup program detected a worm called Rohbot but Zone Alarm has always been running and I have all the latest updates including today's updates.


    Can anyone confirm Zone Alarm version 7X allows this worm, Rohbot, to infect systems, or should I write this off as a false reading???

    Also, can anyone comment on the Anti-Virus/Anti-Spyware software supposedly running?
    It's supposed to be Kaspersky, but what version, and how do I know I am getting the best possible Kaspersky???

    Does Zone Alarm provide realtime virus checking and not only disk scans??

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    jolesole Guest

    Re: Dell Tuneup program detected a worm called Rohbot but...

    W32/Rohbot-A is a worm and backdoor which allows a remote intruder to gain access and control over the computer.

    W32/Rohbot-A spreads by copying itself to network shares protected by weak passwords.

    When first run W32/Rohbot-A copies itself to \wmisrv.exe and creates the following files:

    \uis5.bat - a batch file which may safely be deleted
    \activex32.ocx - a text file which may safely be deleted
    \clog.exe - a clean logging utility
    \pskill.exe - a potentially unwanted application, detected as PsKill
    \pslist.exe - a clean utility to list process information
    \wmiaqsrv.exe - also detected as W32/Rohbot-A

    In addition W32/Rohbot-A may drop utilities detected as PSShutdown, Iroffer, and Serv-U.

    The file wmiaqsrv.exe is registered as a new system driver service named "WmiAqSrv", with a display name of "WMI-Service" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

    HKLM\SYSTEM\CurrentControlSet\Services\WmiAqSrv\

    Sophos's anti-virus products include Behavioral Genotype Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Rohbot-A (detected as Mal/Behav-056) since version 4.10.

    Please download Malwarebytes or Spyware Doctor
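
The indicators listed in reply #2 can be checked against artifacts collected from a suspect machine. The following is an added example, not part of the original thread and not Sophos code: it parses the text of a `reg export` of the Services key (assumed already decoded to text) plus a file listing, and reports the WmiAqSrv service and any of the listed file names. The function names, the `C:\EXAMPLE` folder and the sample data are constructed for illustration; the post elides the real parent folder.

```python
import re
from pathlib import PureWindowsPath

# Names and verdicts as listed in the post above; the parent folder is elided there.
DROPPED = {
    "wmisrv.exe": "W32/Rohbot-A copy", "wmiaqsrv.exe": "W32/Rohbot-A service binary",
    "pskill.exe": "PsKill (potentially unwanted)", "uis5.bat": "batch file, safe to delete",
    "activex32.ocx": "text file, safe to delete", "clog.exe": "clean logging utility",
    "pslist.exe": "clean process lister",
}
SERVICE_KEY = r"hkey_local_machine\system\currentcontrolset\services\wmiaqsrv"

def parse_reg_export(text):
    # Parse decoded `reg export` text into {lowercased key path: {value name: value}}.
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            else:  # string value: drop quotes, unescape doubled backslashes
                current[name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def triage(reg_text, file_paths):
    # Return (kind, item, detail) tuples for every indicator from the post that is present.
    findings = []
    svc = parse_reg_export(reg_text).get(SERVICE_KEY)
    if svc is not None:
        # Start=2 means automatic startup, as the post describes for this service.
        detail = f"DisplayName={svc.get('DisplayName')!r}, auto-start={svc.get('Start') == 2}"
        findings.append(("service", "WmiAqSrv", detail))
    for path in file_paths:
        name = PureWindowsPath(path).name.lower()
        if name in DROPPED:
            findings.append(("file", path, DROPPED[name]))
    return findings

# Constructed sample data; C:\EXAMPLE is a placeholder folder, not a path from the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiAqSrv]
"DisplayName"="WMI-Service"
"Start"=dword:00000002
"ImagePath"="C:\\EXAMPLE\\wmiaqsrv.exe"
'''
SAMPLE_FILES = [r"C:\EXAMPLE\wmiaqsrv.exe", r"C:\EXAMPLE\pslist.exe", r"C:\EXAMPLE\notepad.exe"]
```

A file-name match alone is weak evidence, since the post itself describes `pslist.exe` and `clog.exe` as clean utilities; the service key together with `wmiaqsrv.exe` is the stronger signal.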
