
Trojan


mlclm


A couple days ago, I was helping someone out and downloaded a keygen for them. Now, every time I turn on my computer, the keygen pops up and Windows Defender gives me a warning about "Backdoor:Win32/Rbot.gen!G". I don't know what to do. :c


Your AV can't remove it? And what's your AV?

I also love sex and snuff movies

I find they are pure moments of life

I no longer recognize myself in people

I'm just a hopeless case

And since no one will come to claim me

I'll end up like a lost-and-found item


Have you tried running Avira to see if it can delete it? Otherwise, what I found was a solution at Sophos, but that includes going into the registry ( http://www.sophos.com/security/analyses ... botwv.html ).

 

If you can, wait for someone else to give you a better reply.


The solution to your problem.

 

 

 

  1. Make a virtual machine
  2. Install your OS on to the virtual machine
  3. Snapshot the hard drive
  4. Download Trojans on to your virtual machine
  5. Snapshot the hard drive
  6. Compare snapshots
  7. Using information, remove Trojan from actual machine
  8. Never download shifty programs on to your actual machine again - that is what virtual machines are for - installing viruses and having nothing happen

 

 

 

Of course that is not guaranteed to work (the Trojan may perform different actions depending on the date and time or your system's configuration), but has a very high chance of.

  • Never trust anyone. You are always alone, and betrayal is inevitable.
  • Nothing is safe from the jaws of the decompiler.
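
The "compare snapshots" step from the list above, as an added example that is not part of the original post: it hashes every file in a "before" and an "after" copy of the disk and reports what was added, removed or modified. It assumes both snapshots are reachable as directory trees and covers files only, not registry changes; `EXECUTABLE_EXTS` and the sample file names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".bat", ".vbs", ".sys")  # assumed review list


def snapshot(root):
    """Map every file under root (relative path) to the SHA-256 of its contents."""
    manifest = {}
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        digest = hashlib.sha256()
        try:
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
        except OSError:
            manifest[rel] = "unreadable"  # locked file: record it and keep going
    return manifest


def compare(before, after):
    """Diff two manifests into added, removed and modified relative paths."""
    added = sorted(after.keys() - before.keys())
    return {
        "added": added,
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
        "new_executables": [p for p in added if p.lower().endswith(EXECUTABLE_EXTS)],
    }


def demo():
    """Constructed tree standing in for the VM disk before and after the download."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir = Path(tmp) / "Windows" / "System32"
        sysdir.mkdir(parents=True)
        (sysdir / "settings.ini").write_bytes(b"mode=default\n")
        (Path(tmp) / "notes.txt").write_bytes(b"unchanged\n")
        before = snapshot(tmp)
        # Simulated changes with harmless placeholder bytes: one new file, one edit.
        (sysdir / "dropped.exe").write_bytes(b"placeholder, not a real binary")
        (sysdir / "settings.ini").write_bytes(b"mode=changed\n")
        return compare(before, snapshot(tmp))

if __name__ == "__main__":
    print(demo())
```
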


Since Sunbelt Labs has an entry on the named Trojan, and its advice is to use Remove, Sunbelt Home and Home Office antivirus might be able to remove it. Or look for "Backdoor:Win32/Rbot.gen!G removal tool" on Google :)

 

 

 

Jard, while your instructions are top-notch for those who want to submit infection samples to an antivirus lab (i.e. IT security experts), I don't expect average users to be able to do this. :|



Thanks for that link and I didn't even think about just searching on Google lol. #-o


Keygens will always be classified on AV's as trojans/viruses because they generate code - at least most of the time, it depends where you download stuff from.

 

I used to always scan my files after I downloaded them, but I've pretty much stopped that since I got a Demonoid invite. Guess I shouldn't have.

 


The Sunbelt AV is only a trial, so I ran a search and there was a removal tool on Microsoft's website, but IE crashed while it was running. -.- I'm gonna try it again today in safe mode, but if it doesn't work I'll just download the trial.


Keygens will always be classified on AV's as trojans/viruses because they generate code - at least most of the time, it depends where you download stuff from.

 

 

 

They're actually generally classified as viruses because of the packers they use to contain themselves, which is similar to the same packing that some viruses use. It's because of the way they are contained, not because of their function.
