firdaus_asri
asked on
Arun.exe a Virus?
Hi Guys,
I've just found out that there's an .exe program named arun.exe existing on my root local drive today. Is it a virus? If it is, how am I to clean since my NAV 2005 couldn't find anything wrong with it? Thanks.
I've just found out that there's an .exe program named arun.exe existing on my root local drive today. Is it a virus? If it is, how am I to clean since my NAV 2005 couldn't find anything wrong with it? Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi unyquity, arun.exe is a Trojan (not a virus)
how do I get a virus called perflib_perfdata out of my computer
Hi unyquity. mgh_mgharish is right, arun.exe is a Trojan (not a virus), but I think from your perspective it is the same. Someone has gained access to your system and placed the files. Arun.exe was made back in the Prolog days as a command prompt or shell that can run on top of a windows operating system. Arun.exe is used by Black Hats to gain command prompt access to you system.
The reason why you will not find arun and the like on the antivirus and spyware sites is that it is an application. The problem is that it can be used for hacking.
What you should do is delete the files. If you are running remote desktop/access on the system tighten up that security (change the port, require point to point, etc.).
If the system is running IIS or other web server, shut off the anon access.
Diable the administrator, guest and any other account you do not need.
Check to make sure that you windows utilities lack calc.exe have not been replaced to allow the trojan to prop again...
The reason why you will not find arun and the like on the antivirus and spyware sites is that it is an application. The problem is that it can be used for hacking.
What you should do is delete the files. If you are running remote desktop/access on the system tighten up that security (change the port, require point to point, etc.).
If the system is running IIS or other web server, shut off the anon access.
Diable the administrator, guest and any other account you do not need.
Check to make sure that you windows utilities lack calc.exe have not been replaced to allow the trojan to prop again...
Using the tools ascribed as the Accepted Answer above will not help you. They did not help me either.
There were three files that kept appearing in the %USERPROFILE%\My Documents\... path: autorun.inf, arun.exe, and install.exe. I found it to be "Backdoor.Win32.Robobot.r"
I tried every which way to find this virus on the Symantec website. They just don't have it. Their software isn't going to find it. I filled out a feedback form:
"Using Windows XP Home Edition, SP2
"Norton AntiVirus Corporate Edition 7.60.926
"LiveUpdate Version: 4/16/2005 rev.25
"NAV did not find Backdoor.Win32.Robobot.r (Kaspersky)
"Please let me know if there is a removal tool, or if it will be published as a virus definition in the near future. I still have the files if a submission is necessary. Here is my story . . ."
Chances are, you'll have to use your one free trial of Kaspersky AV in order to remove this from your system. Again, this assumes that you have what I guess you have. Look at the sites I mentioned above and make the determination. Make sure to come back and let me know.
There were three files that kept appearing in the %USERPROFILE%\My Documents\... path: autorun.inf, arun.exe, and install.exe. I found it to be "Backdoor.Win32.Robobot.r"
I tried every which way to find this virus on the Symantec website. They just don't have it. Their software isn't going to find it. I filled out a feedback form:
"Using Windows XP Home Edition, SP2
"Norton AntiVirus Corporate Edition 7.60.926
"LiveUpdate Version: 4/16/2005 rev.25
"NAV did not find Backdoor.Win32.Robobot.r (Kaspersky)
"Please let me know if there is a removal tool, or if it will be published as a virus definition in the near future. I still have the files if a submission is necessary. Here is my story . . ."
Chances are, you'll have to use your one free trial of Kaspersky AV in order to remove this from your system. Again, this assumes that you have what I guess you have. Look at the sites I mentioned above and make the determination. Make sure to come back and let me know.
Oh, comments on others' comments:
NAV can scan executables, depending on your settings. In this case deleting files will not work, as they are automatically replaced. In this case I tried Trend Micro's Housecall - it was one on the list I'd never tried - and it came up with bumpkus. Also, I would not have recommended some of those spyware cleaning utilities, without knowing the skill level of the user - they could do some real damage to their software and OS.
NAV can scan executables, depending on your settings. In this case deleting files will not work, as they are automatically replaced. In this case I tried Trend Micro's Housecall - it was one on the list I'd never tried - and it came up with bumpkus. Also, I would not have recommended some of those spyware cleaning utilities, without knowing the skill level of the user - they could do some real damage to their software and OS.
I have the same arun.exe problem. when i found that i had it when i tried to set up a peer to peer workstation, it tried write itself to the workstattion.
what is happening on mu peer to peer network is that it is disconnecting the users. i delete and reinstalled the network connect from the server workstation and within a couple of hours it disconnects them. tried a
mcafee antivirus
spysweeper
system optimizer
fix it
will try the suggestions above
the above info doesn't seem to have a definite answer. what is the answer?
victor
what is happening on mu peer to peer network is that it is disconnecting the users. i delete and reinstalled the network connect from the server workstation and within a couple of hours it disconnects them. tried a
mcafee antivirus
spysweeper
system optimizer
fix it
will try the suggestions above
the above info doesn't seem to have a definite answer. what is the answer?
victor
oh, the arun.exe and testfile.exe have been on my computer since 1 15 05
victor
victor
Does ANYONE out there have a REAL ANSWER to this???!!! I see the arun.exe "virus" (or whatever it is) mentioned all across the world when I Google it, but NO ONE has any answers ANYWHERE.
Thank you