W32.Xabot.Worm

  1. #1
    Join Date
    Jul 2002
    Location
    Collingwood, Ontario, Canada
    Posts
    1,104

    W32.Xabot.Worm

    Clicked on a video clip and allowed WMP9 to access the net through ZoneAlarm 2.6. Never did see the video, but almost immediately got a ZoneAlarm Program Alert. All it says is "Do you want to allow to access the internet?". That is not a typo, ZA is not saying what wants out. On the Alert, under Technical Information, it's blank also. These alerts are not being recorded in the ZA Log either. Keep clicking no, and alert keeps coming back, even when I tell it to remember this answer. Ran Ad-Aware SE and got nothing unusual. Ran HijackThis (latest version), nothing there either. Ran Spybot S&D (Ver 1.3) twice and got an alert about Xabot, and a German error message which follows:

    Error during check!: Xabot (Ungültiger Datentyp für '').

    An online German/English dictionary tells me the first word means invalid file access mode OR invalid file name OR invalid variable reference. The second word means data type and the third word means to find (found?).

    Spybot hangs when I click Fixed Checked.

    Running Kaspersky Anti-Virus Ver 5.0. That has been running for an hour and a half and seems to be stuck on 31%. UPDATE: After two hours scan is at 67%.

    Symantec tells me: "When W32.Xabot.Worm is executed, it does the following: Copies itself as %System%\wininit32.exe." Can find no instance of this file on my system. Looked around the registry for the changes Symantec talks about and they are not there either.

    All this tells me that this Bot hasn't executed yet. Is there some way to get rid of this thing (I'm guessing it's loaded in memory (?)) before I reboot, or will I have to execute the d**m thing just to be done with it?

    I'm behind a router. Will that help in this instance? This thing looks really nasty.
    We use our powers for good, not evil

    Logic is a systematic method of coming to the wrong
    conclusion with confidence.

  2. #2
    Join Date
    Jul 2002
    Location
    Collingwood, Ontario, Canada
    Posts
    1,104
    Investigated a couple of spyware forums and found:

    "Re: Error during check!
    Xabot (Ungultiger Datentyp fur “)

    "Ungültiger Datentyp für" is German for "Invalid data type for."

    There is a bug in Spybot 1.3. It requires a program fix (not a detections update) to fix this. If this message is the reason that you think you have the “W32.Xabot.Worm” it is not a good indication."

    Still, something is trying to access the internet.

    My next move is to reboot and see what happens.

  3. #3
    Join Date
    Dec 2000
    Location
    Dallas, TX USA
    Posts
    2,916
    Try the Spybot fix before you spend more time on the net access issue. The two problems are probably related.

  4. #4
    Join Date
    Jul 2002
    Location
    Collingwood, Ontario, Canada
    Posts
    1,104
    Thanx for the post jerryctx.

    Rebooted and thus far everything seems to be ok. Now to find the Spybot fix.

  5. #5
    Join Date
    Jul 2002
    Location
    Collingwood, Ontario, Canada
    Posts
    1,104
    Turns out the "Error during check!: Xabot (Ungültiger Datentyp für '')" warning when scanning with Spybot S&D is a known issue or a "False Positive". They call it the "Ungültiger Datentyp" bug in BHO list.

    It occurs with versions prior to version 1.3.1 and there are further issues discussed here. You need to uninstall your previous version to update. Uninstall instructions can be found here, including a fix to remove registry entries.

    That was an interesting experience but I don't think I want things like that to happen very often.
    Last edited by Leurgy; August 19th, 2004 at 08:41 PM.
