What does Win32:Rbot-CGK get up to?

Does anyone know what the following Trojan gets up to:
Win32:Rbot-CGK

Got a customer who downloaded EyeBatch2 and it is being flagged as containing this Trojan.

Is there anywhere on the Alwil website that we can look up a particular virus in some detail, i.e. see what it does, its nature, etc.?

Found this information on the Sophos website.

Interesting!

Looks like they could potentially be a false positive!

Eyebatch is the application being flagged as containing this Trojan. How do we go about getting Alwil to investigate and fix any potential false positive in a future signature update?

The program can be found here:
http://www.atalasoft.com/download/

AVG and Bitdefender show the installer to be free of nasties.

Thanks in advance.

Hi roundtrip,

According to DrWeb's anti-virus link checker, the download link is clean. The removal instruction is here: http://www.bleepingcomputer.com/startups/dllmanager.exe-14479.html

polonus

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, you can also remove it from the Standard Shield and Program Settings exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.

Thanks for the info but this looks to be a false positive.

The removal instructions aren’t relevant since the dllmanager.exe file isn’t created. Avast is detecting the main Eyebatch.exe file as being infected but other virus scanners, AVG and Bitdefender, are showing that it is clean.

Perhaps someone from Avast support would like to look into this one and let us know.

Sorry missed the comprehensive reply by DavidR - big thanks.

It does indeed seem to be a false positive or Alwil are detecting a bad guy before everyone else! I’ve reported it as per the instructions given on this thread.

Thanks everyone.

You're welcome. Hopefully it will be quickly resolved.