Backdoor.Rbot.aeu back door trojan removal trouble

This Trojan is detected nearly every day on our computer by AVG anti malware. When I delete it after detection, it often reappears on consecutive scans. It may appear again in the next scan 5 minutes later or in another scan in a couple of days. My mother runs a scan every morning. We have no idea where this thing has come from nor how to get rid of it. I have looked up forums and found them to be confusing or too complicated to follow. I was wondering if the techs at Avast are aware of this backdoor code? We have Avast 4.7 Home Edition (latest version) running as our resident shield.

If a virus is replicant (coming and coming again), you should:

  1. Enable/Disable System restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.

  2. Clean your temporary files. You can use the Windows Advanced Care features for that.

  3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.

  5. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

What is the file name and location?

What operating system do you have?

Hi yahpete2003,

in addition, have you got a firewall protecting your computer?

Try scanning for rootkits.

I’d recommend F-Secure BlackLight, the Panda scanner, and the BitDefender scanner listed here:

http://www.antirootkit.com/software/index.htm

Do all scanning offline, and make sure you have a firewall up before reconnecting to the internet.

Zone Alarm is a good one:

http://www.zonelabs.com/store/content/support/zasc/gettingStarted.jsp?anchor=alerts&lid=zasupp_u

Here is a proposed cleansing routine:
http://www.geekstogo.com/forum/lofiversion/index.php/t105345.html

polonus

Is Spyware Terminator safe to use? I believe it was on the rogue spyware list but was removed. Any thoughts on this?

If you search the avast forum for Spyware Terminator you’ll see more info about it.
Like I’ve said, some users say it’s ok, others won’t trust the company.
Right now, the status is NOT rogue.

I’ve used it and trust it, but I’ve had some conflicts. I hope to try again with a future version, though.

EDIT:
@ yahpete2003

Look for the presence of the following files

C:\windows\system32\svccms.exe

C:\windows\system32\techstart.exe

C:\windows\system32\init.exe

These paths assume you have Windows XP but you still haven’t given us that or the file name/location that avast detected. This information would be helpful 8)

Here are the details I got of the trojan from AVG spyware scanner…

Backdoor.Rbot.aeu

bypasses normal authentication or provides remote access to a computer,
while attempting to remain hidden from inspection

1 trace in this location
[2452]VM_009EB000

My mother’s O/S is Windows XP Home Edition.

I ran BitDefender online scanner yesterday which detected some trojan dumper and it said ‘unable to disinfect’ but I will run that again tonight. We already have ZoneAlarm firewall installed so hopefully that is making a difference.

  1. I’ve disabled System Restore which made me nervous but anyway it’s done. I’m about to install Windows Advanced Care.
  1. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting). YEP, gonna do that after I run WAC.

I already have AVG spyware scanner, and ‘a Squared’. I would try Spybot Search & Destroy and Adaware 2nd edition but my mother doesn’t trust those two. I’m still pondering whether or not to try SUPERantispyware or Spyware Terminator.

I will let you know how things go…
Thanks All!

It looks like I have managed to get rid of the trojan. I’ve run two AVG antispy scans in a row and there is no sign of it. The bad news for anyone else with the problem is that I don’t know how I got rid of it. I ran scans with the following spyware scanners…

Advanced WindowsCare V2 Personal
Spyware Terminator
SuperAntiSpyware free edition
blbeta.exe by F-Secure.

The trojan or trojan dropper was not identified in these scans although other crawlies were. I remember finding StumbleUpon toolbar in one of the scans and deleting this finally. Then I ran the first AVG scan and the trojan is gone. StumbleUpon was said to be high risk so that could have been the culprit? Sorry for the vague info. If I can backtrack all the events tomorrow I will post them for anyone who might need to know.

It’s good you removed StumbleUpon Toolbar but it’s not the source of the original problem.

http://www.emsisoft.com/en/malware/?Adware.Win32.StumbledUpon+Toolbar

I still can’t remember the sequence I went through to get rid of the trojan. I am assuming it is gone for good because it hasn’t reappeared in AVG scans since my last post and it used to show up in each daily scan. If it is hiding from AVG now then I have to wear the consequences.

My concern was that there was something downloading rbot.aeu that had not been identified. But if you remain symptom free it’s probably fine now 8)