Win32:PSW-RAS-B[Tool]

Can find nothing on search with this reference

Avast! id’s this as virus. NAV does not.

Chatting w Symantec they say it is ‘dangerous’ (see the Chat below) - and offer to remove it (for a price) but will not tell me what it does.

So. WHAT DOES Win32:PSW-RAS-B DO??

Here is my futile interchange with Symantec:

Problem: Another of my antivirus programs (Avast!) identifies a virus in a program that I downloaded called xpkey.exe. The virus is identified as Win32:PSW_RAS_B[Tool]. Searching on the internet shows several references to this as a Trojan. Running NAV shows nothing. Is NAV missing something that Avast! is finding, or is Avast! misidentifying something?

user temp t has entered room
analyst Mastan has entered room

Mastan(Tue Jul 18 12:45:31 CDT 2006)>
Hello temp t, my name is Mastan.

Mastan(Tue Jul 18 12:45:40 CDT 2006)>
Welcome to our Virus Consultation & Removal Service. Is this the first time you are contacting us on this issue?

temp t(Tue Jul 18 15:45:47 CDT 2006)>
yes

Mastan(Tue Jul 18 12:46:14 CDT 2006)>
Your Chat Case Reference Number for this issue is 227361. Please make a note of it for future reference.

temp t(Tue Jul 18 15:46:23 CDT 2006)>
ok

Mastan(Tue Jul 18 12:47:17 CDT 2006)>
I understand from your message that your system is infected with a worm/Trojan and you are not able to remove it. Am I right?

temp t(Tue Jul 18 15:47:23 CDT 2006)>
no.

temp t(Tue Jul 18 15:47:48 CDT 2006)>
problem is that another virus program id’s a virus that NAV does not seem to recognize

temp t(Tue Jul 18 15:48:03 CDT 2006)>
Win32:PSW-RAS_B

Mastan(Tue Jul 18 12:48:24 CDT 2006)>
However, there are certain virus programs which create entries in the registry and behave as Windows applications, so Norton will not be able to detect those viruses, and in case Norton detects them, it won’t be able to delete those files, as it may be one of the program files that is in use by the operating system. There are also chances that it’s made an entry in the registry before the definitions are downloaded. In that case there are chances that it may not get detected.

temp t(Tue Jul 18 15:48:29 CDT 2006)>
I wish to confirm this as a threat, and to know what it does

temp t(Tue Jul 18 15:48:59 CDT 2006)>
the other program finds it on scan of the file

Mastan(Tue Jul 18 12:49:25 CDT 2006)>
Yes, This is a very harmful threat to the system.

temp t(Tue Jul 18 15:49:36 CDT 2006)>
what does it do?

Mastan(Tue Jul 18 12:49:50 CDT 2006)>
It’s very important to get rid of this virus as this hampers the system performance and stops the system from functioning normally.
These are the main virus infections that expose your confidential information and diminish your PC’s performance.

temp t(Tue Jul 18 15:50:44 CDT 2006)>
yeah. cool. but what does it actually do. Am sure I can get rid of it (will recontact you if i can’t) but i can find no solid info on what it is. HOPING is not a root-kit

Mastan(Tue Jul 18 12:51:44 CDT 2006)>
Here we have skilled virus removal specialists who will remove this virus from your computer and if there is any issue, they can remote login to your computer and delete the infected files manually. In case there is still any issue, we have our supervisors call you back to know the status of the issue and help you completely remove it from your computer.

Mastan(Tue Jul 18 12:51:59 CDT 2006)>
We have to remove manually.

temp t(Tue Jul 18 15:52:14 CDT 2006)>
what is it?

Mastan(Tue Jul 18 12:53:04 CDT 2006)>
We have to remove this threat manually as it will be hidden in registry files.

temp t(Tue Jul 18 15:54:10 CDT 2006)>
umm. registry files are not exactly hidden from regedit – But I really do want to know what it DOES so I can figure out if anything serious has been compromised.

Mastan(Tue Jul 18 12:54:46 CDT 2006)>
I would like to inform you that this is a paid consultation service. We have two options that you can select from.

temp t(Tue Jul 18 15:55:38 CDT 2006)>
OK. So NAV completely MISSES the virus & then wants to charge for removal. No Deal. Will figure it out myself.

Mastan(Tue Jul 18 12:56:09 CDT 2006)>
Free Online Support
Symantec provides free online support that has easy to follow ‘step by step instructions’ to remove the threat from your system. The free online support is available to you at http://securityresponse.symantec.com./ Type in the relevant virus/spyware threat name in the search box to receive the instructions.

temp t(Tue Jul 18 15:58:05 CDT 2006)>
You do NOT seem to UNDERSTAND. Removal is not the problem. Am SURE I can remove it. JUST WANT TO KNOW WHAT IT DOES>

At this point the chat went ‘OFFLINE’ from the Symantec end. IE: they hung up!

The referenced link was useless (I had, of course, been there before contacting the chat)

Forget the Symantec “experts”. I can tell you what it is and what it does.

xpkey.exe is most probably a tool to read (extract) a Windows CD key.
Tool by itself is not bad, but it can be misused (3rd party user stealing your Windows CD key).
There are also several other similar tools like keyfinder.exe or CD Key Reader.

So bottom line, it’s not some scary badass virus but just a tool to read your Windows CD key. If you don’t need it, just delete the EXE file. Tool is stand alone, so it doesn’t use any installation procedures or anything similar.

EDIT:
Oh, I forgot to mention. [Tool] suffix in avast!'s detection name designates some sort of tool. So it’s technically just riskware and not a real threat. Such tools can be safe or bad if used with bad intentions. So [Tool] (and also [not-a-virus]) is a very low danger threat compared to high danger malware tagged with [Wrm] or [Trj] suffixes which have to be treated with high priority. So you’ll know in the future :wink:

Thanks RejZoR

In fact I had downloaded it to extract the CD-Key for an old version of Office for which I had lost the original disks - and could not read the key I had written on the backups.

When id’d (I thought) as a virus my first worry was that it had extracted all the MS keys on my system and would try to send them ‘home’.

When I saw how Symantec went on. Was worried that it might be a rootkit or some such.

Again, Thanks!!

Remember, as Senator Stevens said, “The internet is not a truck!”