Re: Need help on home network with recovery from rbot.gen virus



I think I found it! I tried it and it just worked for me. :-D

Go here: http://windowsxp.mvps.org/aupolicy.htm

Basically...

Open Regedit.
Go to HKLM\Software\Policies\Windows\WindowsUpdate\AU
Delete or change any value that implies disabling Windows Update (See
website). I did not have any values in this key.

Also check:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate
Delete or change any value indicating that Windows Update will be disabled.
I did not have the values that the website mentions but the virus had entered
a "NoWindowsUpdate" and had that value ON.

In that same exact area was a different option for no control panel! I knew
I should've changed that, I thought it was weird when I first saw that but I
didn't bother. Oh well. Hope that helps you as much as it did me!

Take care & Best Luck!!!
Heather


HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ WindowsUpdate

In the right-pane, delete the value DisableWindowsUpdateAccess
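
A read-only way to run the registry checks described in the posts above, added here as an example (it is not part of the thread and not from the linked site). It assumes PowerShell 3 or later; `NoWindowsUpdate` and `DisableWindowsUpdateAccess` are the value names given in the posts, while `NoAutoUpdate`, `NoControlPanel`, the `Policies\Microsoft\...` path and the `Policies\Explorer` key are assumptions about the standard policy locations the posts refer to.

```powershell
# Added example: lists policy values that can disable Windows Update or the
# Control Panel. It only reads the registry and changes nothing.

$PolicyKeys = @(
    'HKLM:\Software\Policies\Windows\WindowsUpdate\AU'                        # path as written in the post
    'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'              # assumption: standard policy path
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate'  # from the post
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'       # assumption: "same area" as above
)

# Value names worth flagging when they are switched on (non-zero).
$WatchList = @(
    'NoWindowsUpdate'             # named in the post
    'DisableWindowsUpdateAccess'  # named in the post
    'NoAutoUpdate'                # assumption: standard AU policy value
    'NoControlPanel'              # assumption: the "no control panel" option
)

function Get-UpdatePolicyFinding {
    param(
        [string[]]$Key   = $PolicyKeys,
        [string[]]$Watch = $WatchList
    )
    foreach ($k in $Key) {
        # A missing key is the normal state on an unmanaged home machine.
        if (-not (Test-Path -LiteralPath $k)) { continue }

        $regKey = Get-Item -LiteralPath $k
        foreach ($name in $regKey.GetValueNames()) {
            $data = $regKey.GetValue($name)
            [pscustomobject]@{
                Key     = $k
                Value   = $name
                Data    = $data
                # Flag watched names whose data is anything other than 0.
                Flagged = ($Watch -contains $name) -and ("$data" -ne '0')
            }
        }
    }
}

# Flagged rows first; every other value under these keys is shown for review.
Get-UpdatePolicyFinding |
    Sort-Object -Property Flagged -Descending |
    Format-Table -AutoSize -Wrap
```

Run it once as the affected user and once from an elevated prompt, since the HKCU keys are per-user.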





"denzel" wrote:

Denzel,

If you have the original file, upload it to http://www.virustotal.com
and report the results back here.

Regards,

Leonard Agoado
agoado@xxxxxxx


http://www.virustotal.com/analisis/eb1fcb79ea86a866a31ca76bcc285695



Antivirus          Version  Last Update  Result
AhnLab-V3          -        -            -
AntiVir            -        -            BAT/RBot.94038
Authentium         -        -            -
Avast              -        -            Win32:Rbot-CYW
AVG                -        -            IRC/BackDoor.SdBot3.XGI
BitDefender        -        -            GenPack:Generic.Sdbot.4502EEEF
CAT-QuickHeal      -        -            Backdoor.Rbot.fwe
ClamAV             -        -            -
DrWeb              -        -            Win32.HLLW.MyBot.based
eSafe              -        -            suspicious Trojan/Worm
eTrust-Vet         -        -            Win32/Rbot!generic
Ewido              -        -            -
FileAdvisor        -        -            -
Fortinet           -        -            -
F-Prot             -        -            -
F-Secure           -        -            Backdoor.Win32.Rbot.fwe
Ikarus             -        -            Backdoor.Win32.Rbot.aeu
Kaspersky          -        -            Backdoor.Win32.Rbot.fwe
McAfee             -        -            -
Microsoft          -        -            Backdoor:Win32/Rbot.gen
NOD32v2            -        -            a variant of Win32/Rbot
Norman             -        -            W32/Spybot.CKSQ
Panda              -        -            W32/Sdbot.LMD.worm
Prevx1             -        -            Backdoor.IRCBot.gen
Rising             -        -            Backdoor.Win32.Rbot.GEN
Sophos             -        -            Mal/Generic-A
Sunbelt            -        -            Backdoor.SDBot
Symantec           -        -            -
TheHacker          -        -            -
VBA32              -        -            Win32.HLLW.MyBot.based
VirusBuster        -        -            -
Webwasher-Gateway  -        -            Worm.Rbot.210944

Additional information

MD5: fc216d7b5859115a618d3adc83359349
SHA1: 18a8897baa1b1ded75e221be47cd0841d305eb6f
SHA256: 73a3f914ca5f0c2ce76186288f4c8919ea73dbc0f4c5e13fc38806ec721cc6df
SHA512: 915653b73f83b657f9ed19806d3fdcbfd3857837245d5c18836972fd32002dfea6362bf50a7b335ed0f03d85b371cbcd28b0a18e681a24100145610b9c0ef567
