| Thread ID: 107590 | 2010-02-23 01:18:00 | Removing Rostov trojan | sarel (2490) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 860732 | 2010-02-23 01:18:00 | A friend of mine got the Rostov.gen IB trojan, and he can't get rid of it. Thought A squared removed it - no dice. Any suggestions? Win 7. sarel | sarel (2490) | ||
| 860733 | 2010-02-23 01:20:00 | trojan remover, malwarebytes, superantispyware, MSE or Nod32, HJT | GameJunkie (72) | ||
| 860734 | 2010-02-23 01:29:00 | He used everything except Nod32 - it just returns. He thought it attached to a Win file. sarel | sarel (2490) | ||
| 860735 | 2010-02-23 01:34:00 | Disable system restore, then scan the whole hdd. Is that what A squared picked it up as?? Rostov? | Speedy Gonzales (78) | ||
| 860736 | 2010-02-23 01:37:00 | Scan the drive 'offline' - in another computer, or with a bootable scanner CD of some kind | Agent_24 (57) | ||
| 860737 | 2010-02-23 01:39:00 | Is rostov.bin on c somewhere? If it is, delete it. | Speedy Gonzales (78) | ||
| 860738 | 2010-02-23 02:06:00 | Yes, he tried to delete it but it just returns. This guy is no newbie, so he tried all removal options, used online scanners, and thought a2 removed it but it just returned (when he is online MSE pops up a warning, so he has to unplug the phone line physically to prevent it from accessing the net). Looks like a backdoor trojan to me. Apparently it is picked up as Rostov.gen /B (with a straight line in front of the B) by all AVs. I told him to slave the drive, if he can, scan it and perhaps see whether Combofix can't remove it. There is not a lot on Google about this one. sarel | sarel (2490) | ||
| 860739 | 2010-02-23 02:11:00 | So, did you see if that bin file was on c?? Post a HJT log from it in safe mode / networking | Speedy Gonzales (78) | ||
| 860740 | 2010-02-23 02:21:00 | Speedy, I did not see anything - he asked me if I knew how to get rid of it. I'll advise him to do a HJT and post it here but I think he will rather reformat the HD and reinstall Win7. sarel | sarel (2490) | ||
| 860741 | 2010-02-23 02:30:00 | His choice. Just don't chuck any P2P programs on it. That's if he did in this case. | Speedy Gonzales (78) | ||