New virus win32:Rbot-FTK (trj)

Anyone,

I need some help.
I was downloading a game from the Spintop site and received a virus named
win32:Rbot-FTK (trj).
With the virus scan (Avast, latest edition) I have moved all infected files into the chest as recommended.
All the files are ocx and exe files and are in my system (Windows XP):
by c:\System Volume information_restore…

I’m really not good with computers.
Can anyone tell me if I can delete these files from the virus chest within Avast,
or can anyone tell me what to do to get this virus out of my system?

Thanks,

Seijapas

Hi SEIJAPAS,

Try to upload the file the virus was found in to VirusTotal at http://www.virustotal.com/
Then report back the results, because there is reason to assume this is a FP.

polonus

Hi,

I tried to download this file again because I stopped the download the first time after the virus was found;
now the file is not downloading full size.
So the option you told me is not working, I think.

The file is called NatalieBrooksSetup.exe.

Do you have another option?
I also got a virus with the game Slingo Quest Hawaii; this I have sent to VirusTotal,
and this was the result.

Can you tell me what to do? The game is still working.

Antivirus Versie Laatst geüpdatet Resultaat
AhnLab-V3 2008.4.23.0 2008.04.22 -
AntiVir 7.8.0.8 2008.04.22 -
Authentium 4.93.8 2008.04.22 -
Avast 4.8.1169.0 2008.04.21 -
AVG 7.5.0.516 2008.04.21 -
BitDefender 7.2 2008.04.22 -
CAT-QuickHeal 9.50 2008.04.22 -
ClamAV 0.92.1 2008.04.22 -
DrWeb 4.44.0.09170 2008.04.22 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5725 2008.04.22 -
Ewido 4.0 2008.04.22 -
F-Prot 4.4.2.54 2008.04.22 -
F-Secure 6.70.13260.0 2008.04.22 -
FileAdvisor 1 2008.04.22 -
Fortinet 3.14.0.0 2008.04.22 -
Ikarus T3.1.1.26.0 2008.04.22 Generic.Win32.Malware
Kaspersky 7.0.0.125 2008.04.22 -
McAfee 5278 2008.04.21 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3046 2008.04.22 -
Norman 5.80.02 2008.04.22 -
Panda 9.0.0.4 2008.04.22 -
Prevx1 V2 2008.04.22 -
Rising 20.41.12.00 2008.04.22 -
Sophos 4.28.0 2008.04.22 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.22 -
TheHacker 6.2.92.287 2008.04.22 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.22 -
Webwasher-Gateway 6.6.2 2008.04.22 Virus.Win32.FileInfector.gen (suspicious)

Regards,

Seijapas

They generally correct false positives very quickly.
Try to update avast and check again if it is still being detected as infected.

Do I need to delete the files from the chest within Avast, or do I need to restore them first before I run a new virus scan?

If it is found to be a false positive the last thing you want to do is delete.

Scan it from within the avast chest (right click on the file and select the scan option) and if no longer detected restore it.

I have checked the files and no virus was found. I have restored these files and
have scanned my computer after this.
No virus was found now.

Do I need to leave these files in the chest now, or can I delete them now?

When restored there is a copy still in the chest (just in case the restore doesn’t work), once you confirm the file is in the original location you can delete it from the chest.

Thanks for all your help, everything is working again.

Seijapas

You’re welcome.