  • Status: Solved
  • Priority: Medium
  • Security: Public

rbot worm?

OK, this should be easy for most of you and worth 300 points, but I cannot figure this one out. I have about 30 users that IT will not let on the network because of ARP storms. The platforms are NT4, W2K, and XP. These machines were not security patched but are running McAfee 7.1. Now all are security patched and have the latest DAT and engine. McAfee does not detect a virus, but in the reg there are entries "start upping" and "iexplorerupdt.exe". This happened at another location last week and I manually had to delete all of the references in the reg, spyware, and files in system32; systems were clean. Now it doesn't work at this location across town. What would cause these machines to broadcast so much? We are talking ARP traffic and it is about 9000b in half a min.....
Asked by: txtr8r

SheharyaarSaahil Commented:
Hello txtr8r =)

Trend Micro should detect it if it's present on the machines >> http://uk.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=WORM_RBOT.ABQ
Run this online virus scan to verify it >> http://housecall.trendmicro.com/

stevenlewis Commented:

txtr8r Author Commented:
Yes, thank you, and have tried Trend Micro and it does detect and deletes some but not all even in safe mode.....even if I do get it deleted, in one instance I had to change the NIC brd.......and for DoS attacks....that is more along the lines of what I was thinking beings this is the same company....is there an easy way to prove/clean the ARP cache? IT needs proof.....I am just a low desktop support person......

SheharyaarSaahil Commented:
>> it does detect and deletes some but not all
why..... does it thrwo any error ??

SheharyaarSaahil Commented:
>> thrwo
throw*

txtr8r Author Commented:
Cannot delete, in use, therefore I go into safe mode, no network connection

txtr8r Author Commented:
Am I looking at too many variables with 3 diff platforms?

txtr8r Author Commented:
Oh, one more thing: last week at the other location it was start upping w/ taksmgr.exe........why would the file name change, is this what the rbot does????

SheharyaarSaahil Commented:
Ok then try this,

F-Bot
The F-Bot utility disinfects computers infected with certain variants
of Agobot, Wootbot, SdBot, RBot, SpyBot, ForBot, IRCBot. Please see
the readme.txt file for more information.
  Download: http://www.f-secure.com/tools/f-bot.zip
  Download: ftp://ftp.f-secure.com/anti-virus/tools/f-bot.zip

ref >> http://www.f-secure.com/download-purchase/tools.shtml

Get this tool, disconnect the machine from the network, boot in Safe Mode (only) and then run that tool to eliminate the virus from the system!

SheharyaarSaahil Commented:
Start Upping is also related to Worm Rbot !!

txtr8r Author Commented:
I started those scanning before I left tonight on one machine, will check it tomorrow.......do you have any info on the DoS attacks, how to detect? Should I give it a MAC addy to IT, can they check it, or is this the wrong ave.....reason why I ask is the network admin was just removed.......
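
Added example, not part of the original thread: one way to produce the per-machine evidence asked about above is to tally ARP requests by sender MAC from captured Ethernet frames. The frames, MAC and IP addresses below are constructed sample data, and the 20-target threshold is an assumption to tune for the site.

```python
import struct
from collections import defaultdict

ETH_ARP, ARP_REQUEST = 0x0806, 1
MIN_TARGETS = 20  # assumed threshold, not from the thread

def parse_arp_request(frame):
    """Return (sender_mac, sender_ip, target_ip) for an IPv4 ARP request, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

def arp_summary(frames):
    """Per sender MAC: request count, distinct IPs asked for, sender IPs claimed."""
    stats = defaultdict(lambda: {"requests": 0, "targets": set(), "ips": set()})
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed:
            mac, ip, target = parsed
            stats[mac]["requests"] += 1
            stats[mac]["targets"].add(target)
            stats[mac]["ips"].add(ip)
    return stats

def noisy_hosts(frames, min_targets=MIN_TARGETS):
    """MACs whose ARP requests ask for at least min_targets distinct addresses."""
    return sorted(m for m, s in arp_summary(frames).items() if len(s["targets"]) >= min_targets)

def make_request(mac, src_ip, dst_ip):
    """Build one constructed 42-byte broadcast ARP request (sample data only)."""
    m = bytes.fromhex(mac.replace(":", ""))
    ip = lambda a: bytes(map(int, a.split(".")))
    return (b"\xff" * 6 + m + struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, ARP_REQUEST)
            + m + ip(src_ip) + b"\x00" * 6 + ip(dst_ip))

# Constructed sample: one host asking for 60 addresses, one host asking for its gateway.
SAMPLE = (
    [make_request("00:11:22:33:44:55", "10.0.0.23", f"10.0.0.{i}") for i in range(1, 61)]
    + [make_request("00:aa:bb:cc:dd:ee", "10.0.0.40", "10.0.0.1")] * 3
)

if __name__ == "__main__":
    for mac, s in arp_summary(SAMPLE).items():
        print(mac, s["requests"], "requests,", len(s["targets"]), "distinct targets")
    print("MACs to hand to IT:", noisy_hosts(SAMPLE))
```

The MAC addresses it lists can be matched to switch ports or to each machine's NIC, which gives IT a per-machine record of who is generating the broadcasts.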

txtr8r Author Commented:
None worked.....back to the old search and delete, works on some machines and not on others......last time I had a question Cisco came out with a known issue a week later, maybe so will McAfee or some other security company. Thanks, and I would like to give you each 100 pts for trying but how would I go about that?

SheharyaarSaahil Commented:
Sorry to hear that....... you can ask in the Support area for the refund for this question :)
good luck :)