RTKT-AGENT.CTH

Hello, I have been using the free version of Avast! for a few days and it says I do not have any viruses.
I have done 2 boot scans and 3 normal scans.
If I use the Trend Micro online scan service, each day it says I have RTKT-AGENT.CTH.
I delete it and do another scan and it’s gone the next scan.
The next day I do another scan and it’s back.
Is this a real virus / trojan? And what should I do, as Avast! says I am OK, having removed a few on the initial boot scan?
I’m using Windows 2000 SP4.
Many thanks

I think there must be some files which have something to do with the virus.
You should find them and kill them at once.
Otherwise, the virus would come back again if you just kill part of them.

Please submit the infected file to JOTTI and let us know what it says.
Also tell us the location of the file.

Eddy hi~~
Is JOTTI an online scan tool?
Does it send back a report to me if I upload a file?

Hello,
I have very basic computer skills and have absolutely no idea where and how to find the file…when it reappears each day.
I stand more chance of performing brain surgery than doing what you suggest. And, who is Jotti?
I am a very old man!
If Avast says I do not have a virus, why does Trend Micro say I have one? Who do I believe?

Eddy hi~~
JOTTI is a nice thing

But if I have a big file, it is hard to upload, right?

Depends all on your upload bandwidth.

Take your time.
Better slow and good than fast and sorry.

There is a file size limit on both Jotti:

Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Also try VirusTotal, a multi-engine online virus scanner that I believe also has a file size restriction, although I couldn’t find any reference to one.

Hi Alex45,

Here is info on this virus:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=RTKT_RUSTOCK.C

Technical details, and links to variations of this rootkit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=RTKT_RUSTOCK.C&VSect=T

polonus

Hi Alex,

Jotti is an on-line service that scans a file you submit with many antivirus programs. This gives you multiple opinions about whether the file is infected or not. It is located here:

http://virusscan.jotti.org/

The problem is you need to locate the file on your computer in order to use Jotti.

Different antivirus programs use different detection techniques and different virus signatures. This often leads to disagreement as to what is and is not malware.

If you follow Polonus’ first link above, there is a “Solution” link toward the bottom of the page. Click on that and see if the information is something you can work with. When you do the Trend Micro scan suggested there (yes, you will need to do it again), make sure to note the file name and location (it will look something like C:\windows\filename.ext).

Post again with the file name and path and/or if you need additional help.

Hi Alex,

If you do have a "rootkit", the BEST place to get help is from one or more of the Experts at:

http://www.castlecops.com/f233-Rootkit_Revelations.html

They would guide you in a step-by-step procedure; they might recommend and/or you MAY want to try the "Guide":

http://www.bleepingcomputer.com/tutorials/tutorial124.html

Alex45,

If you aren’t sure if your machine might have a rootkit type of infection then may I suggest you go HERE and download this free program. This program will tell you if your machine does have a rootkit problem. It’s free and easy to use.