
Thread: Malware (WinXP)

  1. #1
    Lounger
    Join Date
    Oct 2001
    Location
    Gtr London, England
    Posts
    33
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Malware (WinXP)

    Two files (autorun.inf & install.exe) keep appearing in "My Documents". I'd imagine they're some sort of malware or trojan so obviously I delete them but I can't find out what is behind this.

    I'm running updated latest versions of Norton Anti-Virus, AdWare & Spybot but they don't pick up anything. Nothing unusual is in start up.

    The files don't immediately reappear after I delete them nor on reboot but they have kept reappearing for the past week or so and I haven't been able to establish any sort of pattern.

    As I work in "My Documents" all the time I'm afraid I'm going to accidentally click one of them so I'm keen to get to the bottom of this.

    Any ideas?

    Thanks

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Malware (WinXP)

    Examine the autorun.inf file in Notepad. See if there is a name which you can then Google. Look at the properties of install.exe to see if there is any information to search on.

    Joe

  3. #3
    Lounger
    Join Date
    Oct 2001
    Location
    Gtr London, England
    Posts
    33
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Malware (WinXP)

    I've already tried that. The .inf is just open=install.exe. I also tried examining the .exe in WordPad to see if there were any clues.

  4. #4
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Malware (WinXP)

    Check the Properties of the .exe file. There might be some clues about whose file it is (what program it installs or the company that made it). The .inf file (autorun) is pointing to the .exe file in an attempt to install or run something.

  5. #5
    Lounger
    Join Date
    Oct 2001
    Location
    Gtr London, England
    Posts
    33
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Malware (WinXP)

    I've checked that and properties are all blank

  6. #6
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Malware (WinXP)

    That's what I suspected. Is there any particular time or program you run that you notice these 2 files being generated in conjunction with? Are you online or working offline when you notice them? What about dates created or modified in the properties dialogue?
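
The checks suggested in the replies above (read autorun.inf, then look at the file it points to and its dates), as an added example that is not from any poster in this thread. The function names are hypothetical and the sample files are constructed placeholders; the SHA-256 it reports is something to search on when the Properties dialog is blank.

```python
import hashlib, os, tempfile
from datetime import datetime

def autorun_targets(inf_text):
    """Return (key, command) pairs in [autorun] that make Windows launch something."""
    found, section = [], "autorun"          # tolerate a file with no section header
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found

def program_of(command):  # first token of the command, honouring a quoted path
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def triage(folder):
    """Hash and timestamp every program that autorun.inf in `folder` would start."""
    with open(os.path.join(folder, "autorun.inf"), errors="replace") as fh:
        targets = autorun_targets(fh.read())
    report = []
    for key, command in targets:
        path = os.path.join(folder, program_of(command).replace("\\", os.sep))
        entry = {"key": key, "command": command, "exists": os.path.isfile(path)}
        if entry["exists"]:
            with open(path, "rb") as fh:   # read only, never execute the file
                entry["sha256"] = hashlib.sha256(fh.read()).hexdigest()
            entry["modified"] = datetime.fromtimestamp(os.path.getmtime(path)).isoformat()
        report.append(entry)
    return report

def demo():  # constructed sample: the two file names from the thread, placeholder bytes
    folder = tempfile.mkdtemp()
    with open(os.path.join(folder, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=install.exe\n")
    with open(os.path.join(folder, "install.exe"), "wb") as fh:
        fh.write(b"constructed placeholder, not a real executable")
    return triage(folder)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```
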

  7. #7
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Malware (WinXP)

    You could download an evaluation copy of PE Explorer (Delphi Disassembler, EXE file editor, DLL Scan Tool for 32-bit Windows PE files) and use it to examine install.exe. Also, do you have XP SP-2 installed? Have you installed any software that 'phones home' regularly to check for updates?

    Joe

  8. #8
    Lounger
    Join Date
    Oct 2001
    Location
    Gtr London, England
    Posts
    33
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Malware (WinXP)

    Thanks. I'll use this program to take a look next time the files reappear (it happens several times a day so shouldn't be too long).

    I'm on a broadband connection and there's no phone line connected to this PC

  9. #9
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Malware (WinXP)

    'Phone home' is just a term meaning a program that contacts the original vendor for any reason, one of which might be to check for updates.

    Joe

  10. #10
    Lounger
    Join Date
    Oct 2001
    Location
    Gtr London, England
    Posts
    33
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Malware (WinXP)

    I have quite a few programs which automatically update but it's all standard legit stuff (Adobe, Norton etc). I wouldn't have thought anything like that would deliver an unsigned, unannounced exe.

  11. #11
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Malware (WinXP)

    If you are unhappy about them, why not just rename both to be .TXT files (ignoring the Awful Warning), and see what does (or doesn't!) happen?

    After several weeks of no problems, you could then probably just delete them...

    John

    Ita, esto, quidcumque...

  12. #12
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Malware (WinXP)

    You may be infected with Backdoor.Win32.Robobot.r. Go to the Kaspersky site for a free scan that should detect it if you have it.

    The information that led me to this conclusion can be found here. HTH

  13. #13
    Lounger
    Join Date
    Oct 2001
    Location
    Gtr London, England
    Posts
    33
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Malware (Backdoor.Win32.Robobot.y )

    You're right. Kaspersky identifies it as Backdoor.Win32.Robobot.y

    Any idea how I get rid of it?

  14. #14
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Malware (Backdoor.Win32.Robobot.y )

    Take a look here for some help. I'll see if I can find something more encouraging, but this is all I can come up with right now.

  15. #15
    Lounger
    Join Date
    Oct 2001
    Location
    Gtr London, England
    Posts
    33
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Malware (Backdoor.Win32.Robobot.y )

    Thanks. I tried the trial version of the Kaspersky A-V which (of course) found it and deleted it but it didn't deal with the underlying nasty as the files immediately reappeared. I assume there's got to be a registry entry somewhere that I've got to find and delete. After installing the Kaspersky package both WMP and IE stopped working (they both would shut down straight away after opening) and my PC slowed to a crawl. I've uninstalled it now and everything seems back to normal. What I find surprising is, as this appears to be a known trojan I've picked up, that a major vendor like Norton doesn't (or can't or won't) deal with it. Actually I think it's quite shocking that I have to rely on the kindness of strangers to help when I pay these guys supposedly to sort out these problems for me (when I checked I found I've paid Symantec nearly $500 in three years for two PCs and a laptop). In ten years on the internet, this is actually the first time I've had a problem like this (I even never ever get any spam, my ISP - blueyonder.co.uk - must have some pretty good filters in place).

    Again many thanks for your kind assistance
