March 17th, 2005, 11:01 AM
Hi all - I am working on a friend's computer that is just plain weird. Whenever he connects to the internet, his machine sits there downloading huge amounts of data - indefinitely. Initially I purchased and installed the full version of Panda Titanium Antivirus (the one that comes with a firewall). That didn't help. So I de-installed Panda and installed Avast with SyGate. I then noticed that part of the system kept requesting access to a site called ru.windosupdate.microsoft.com and au.windowsupdate.microsoft.com. So, I thought, I've got you now! Not so - Avast picked up some other viruses (4, to be exact) and cleaned them, but still when I turned SyGate to allow, that pesky thing kept wasting my ADSL allowance with continual downloads. Upon doing a Google, I came across a few notes about a worm called Bobax.K that does exactly what is happening on my friend's computer. So:
1) Why did neither Panda nor Avast fix it?
2) I use Avast myself, but only chose Panda for my friend as he has a business computer (for his Motel), so doesn't qualify to use Avast / SyGate free versions, and the Panda is the cheapest on the market (by about USD$10) for an Antivirus / Firewall combo. Is Panda a crap product?
3) The instructions on the Trend Micro site for getting rid of the Bobax.K are a bit beyond me - quite a bit of farting about in the registry. Anyone know of a "tool" that will do the job?
March 18th, 2005, 01:35 AM
Not good to hear about virus infections, especially ones that cause financial trouble due to large data transfers...
Damn... just reading about this virus... it is very nasty... worm plus trojan... opens you wide open with backdoors and loggers etc...
I agree reading the removal steps it is very difficult...
This is version bobax.d (they are all similar): http://securityresponse.symantec.com...2.bobax.d.html
Here is a list of Symantec removal tools
Bobax isn't in the list, which means they haven't made it yet... or worse... the virus is so bad that it can't be fixed with a simple tool. Try following the manual steps... you can ask for help no probs...
Else, I would definitely recommend a format, and before you get online again, make sure computer is fully patched with SP2 plus HotFixes, and valid firewall/anti-virus program!!
--- 0wN3D by 3gG ---
March 18th, 2005, 14:07 PM
Looks like this is a rather new one and looks nasty.
Most of the AVs have included the Bobax variants in their latest updates; Avast added it today.