Business Phone Systems Tech Talk Forum - VOIP & Cloud Phone Help

#582904 01/06/15 10:26 PM
Joined: May 2007
Posts: 5,058
Likes: 5
Moderator-1A2, Cabling
My Temple's computer has apparently caught a virus. The machine runs Windows 7 and consistently reports "Microsoft Connection Monitor Manager" running.

Research online reveals this to be a virus, "W32/Rbot-AKV". We have tried various antivirus programs for the last 4 days and have been unable to remove the virus.

My next step is to buy a new hard drive and reinstall the OS and the backup programs. Hopefully the virus is not lurking in one of the docs.

Anyone familiar with this problem, or have any ideas?

I moved to the Mac to get away from issues like this and I'm in over my head.

TIA,

Sam


"Where are we going and why are we in this hand basket?"

Joined: Jun 2006
Posts: 8,732
Likes: 2
Moderator-Nortel, Computers, General
Did you start Windows in safe mode before doing a virus scan?


Scientists say that the universe is made up of Protons, Neutron & Electrons. They forgot "Morons".
Dave. (CTUB) Canadian Techs Use Bix!
Joined: May 2007
Posts: 5,058
Likes: 5
Moderator-1A2, Cabling
Yup. I wasn't there for all 4 days of screwing around. A congregant who seems pretty knowledgeable has been doing it. All the scans show NO VIRUS, but it's obviously there.

Windows sucks,

Sam


"Where are we going and why are we in this hand basket?"
Joined: Aug 2004
Posts: 9,155
Likes: 16
Admin
Found this info. Back up your data!



Manual removal is a complicated and risky process, so please back up all important data before making any changes on your computer. Here are some instructions to handle the Trojan horse manually, and be cautious when going through the following steps.

Step 1. Show Hidden Files

(1). Press Win+R to get run option

(2). Type in Control Panel and hit enter to get Control Panel

(3). Click on Appearance and Personalization link

(4). Click on Folder Options link

(5). Click on View tab in Folder Options window

(6). Tick Show hidden files, folders, and drives under Hidden files and folders tab

(7). Click Apply to effect, then click OK at the bottom of the Folder Options window.

Step 2. Stop virus processes in the Windows Task Manager.

(1). Press Ctrl+Alt+Del keys together to get Windows Task Manager

(2). Click More details

Step 3. Remove all the malicious files and registry entries through Registry Editor.

Backdoor.Win32.Rbot.akv is a malicious Trojan virus which implants itself on the infected computer secretly and makes your computer and other working processes run slowly during infection. It can install itself into the computer system without your awareness. To make matters worse, the Trojan is used as a tool by hackers to steal your information. It is recommended to remove it with a complete and fast procedure. Users can follow the instructions here to have it manually deleted instantly.

(1). Using Registry Editor to delete all the related registry entries.

*Guides to open Registry Editor:

Press Win+R key together then Registry Editor will pop up.

(2). Find out and remove the associated files of Backdoor.Win32.Rbot.akv

Step 4. Clear all the malicious cookies in browsers.

* Google Chrome: Click on the Tools menu - select Options - Click "Under the bonnet" tab - locate "Privacy" section - browsing data" button - "Delete cookies and other site data" to delete all cookies from the list.

* Internet Explorer: Click "Tools" - Click "safety" - "delete browsing history" - Tick "cookies" box and click delete

* Firefox: Click "Tools" - Click "Options" - Click "Privacy" - Click "remove individual cookies"

Backdoor.Win32.Rbot.akv is a malicious and dangerous computer infection which is capable of sneaking into the target computer secretly and performing some malicious activities on the infected computer. It is usually bundled with free software or other pirated software from insecure sources, suspicious sites and spam e-mail attachments. It is able to go deep inside the Windows registry and block many important functions of the antivirus software installed on the computer. A flood of other viruses is invited onto the computer, which will definitely damage the computer seriously. The Trojan is also able to steal your personal data to benefit the virus makers. Thus, you need to terminate it immediately to avoid further damage.

Not responsible for bad outcome. Good luck.


Joined: May 2007
Posts: 5,058
Likes: 5
Moderator-1A2, Cabling
Thanks Dave, I'll give it a shot.

Sam


"Where are we going and why are we in this hand basket?"
Joined: Jan 2007
Posts: 2,116
Likes: 2
OBT Offline
Admin
Have you tried Malwarebytes to scan the PC? It is a very good program. You can get the lite version for free.


“I have not failed. I've just found 10,000 ways that won't work.”
Joined: Feb 2009
Posts: 664
Member
Pull the hard drive, attach it to a clean PC in slave mode, scan and clean with various antivirus tools. That way the virus is not running and you'll stand a better chance of cleaning it up.

If you don't have that available, here is a list of programs that I use to clean up infected Windows computers. All of these tools can be downloaded safely from www.bleepingcomputers.com or www.majorgeeks.com (adblockplus recommended when browsing those sites, however)

combofix
tdsskiller
poweliks cleaners from eset and norton (particularly nasty rootkit making the rounds the last few months)
malwarebytes
adwcleaner
junkware removal tool
ccleaner
online antivirus scanners from eset, trendmicro, norton, etc.
microsoft sysinternals tools (process explorer, autoruns, tcpview)

Last edited by hawk82; 01/07/15 10:35 AM.
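
A small part of what Autoruns (listed in the post above) automates can be done by hand with a read-only script; this is an added example, not part of any post in this thread. It only looks at the Run/RunOnce keys, which is an assumption about where to look and not something the thread states about W32/Rbot-AKV; the helper name `Get-CommandPath` and the `Review` heuristic are this example's own.

```powershell
# Added example (read-only): list Run/RunOnce autostart values with signature status.
# Written for PowerShell 2.0+ (the version shipped with Windows 7). Nothing is changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandPath([string]$Command) {
    # Pull the executable path out of a Run value: a quoted path, or text up to the extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd    = [string]$item.GetValue($name)
        $path   = Get-CommandPath $cmd
        $sig    = 'FileMissing'
        $signer = ''
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $s   = Get-AuthenticodeSignature -FilePath $path
            $sig = $s.Status
            if ($s.SignerCertificate) { $signer = $s.SignerCertificate.Subject }
        }
        # Heuristic (assumption): an entry that uses a Microsoft-sounding name, like the
        # one reported in this thread, but is not validly signed by Microsoft needs a look.
        $claimsMs = ($name -match 'Microsoft|Windows') -or ($cmd -match 'Microsoft')
        $signedMs = ($sig -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $cmd
            Signature = $sig; Signer = $signer
            Review = ($claimsMs -and -not $signedMs)
        }
    }
}
$entries | Sort-Object Review -Descending |
    Format-Table Name, Signature, Review, Command -AutoSize -Wrap
```

`Review = True` is a prompt to inspect the file, not a verdict: older PowerShell versions do not check catalog signatures, so some genuine Windows files report `NotSigned`. The HKCU keys cover only the account running the script.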
Joined: Mar 2008
Posts: 457
Member
I second Hawk's advice but suggest starting with rkill, which is also available from bleepingcomputer.com. It will kill the virus that is running in active memory, which will allow you to proceed with standard removal practices.


"There is one thing and only one thing in which it is granted to you to be free in life, all else being beyond your power: that is to recognize and profess the truth." - Leo Tolstoy
Joined: May 2007
Posts: 5,058
Likes: 5
Moderator-1A2, Cabling
We've run Malwarebytes (and others) in Safe mode and got nowhere. I was going to go in today, but I'm sick as a dog. And aggravated - a bad combination.


Sam


"Where are we going and why are we in this hand basket?"
Joined: Jan 2008
Posts: 3,821
Retired Moderator
The last time I had a really bad trojan was on my new Win 8 laptop. I ran TrojanKiller; it found the virus and listed all the places and traces where it had hidden itself, including ALL the registry entries. I didn't buy the trial, which would have removed all the junk. I took a screenshot and then in safe mode I deleted all traces of it myself; it took a while but it worked. Hitman Pro also found it but didn't remove all the hidden files, and it restored itself.

You can run some anti-viruses and they will "delete" stuff, and with Task Manager open you can watch it all come right back! I saw this take place on a laptop that I was repairing, so I had a bit of a contest with the trojan: can I delete the file that hides the exe before it can recreate itself? Sure... not the running file... shut it down (after noting its location), then quickly get rid of it. It's a bit of a challenge, but fun when it's someone else's PC.

Last edited by Derrick; 01/08/15 05:50 PM.

www.myrandomviews
"Old phone guys never die, they just get locked in some closet with an old phone system and forgotten about"

Retired, taking photographs and hoping to fly one of my many kites.