Hilfe!
Wer kann mir helfen, hab auf meinen PC den Virenwarner NOD32 installiert, mir wirft es jedoch immer den Virenwarner heraus, und kann ihn nicht löschen hab diese datei einstweilen unter Quarantände gestellt.
C:\WINDOWS\system32\dynizari.exe-Win32/RbotDQY Trojaner
Vielleicht weiss jemand wie ich mich dagegen verteidigen kann!
Danke!
Lg. Erika

Hallo,

Infektionswege von Rbot:

Zitat:

Verteilungsmethode

Win32.Rbot variants are able to spread in a number of different ways. Propagation is launched manually through backdoor control, rather than happening automatically. Not all variants support all propagation mechanisms.

Each spreading method begins with scanning for target machines. The worm can generate random values for all or part of each IP address it targets. Each attack vector is associated with a particular TCP port.
Via Network Shares (TCP ports 139 and 445)

Rbot can infect remote machines through Windows file sharing. It scans for target machines by probing TCP ports 139 and 445. If it can connect to either of these ports, it then tries to connect to the Windows share:

\\<target>\ipc$

Where <target> is the name of the machine it is trying to infect.

If this connection is not successful, it gives up on this machine. If the connection succeeds, it then attempts to retrieve a list of user names on the target, then use these user names to gain access to the system. If it cannot retrieve the list of user names, it falls back on a default list that it carries within itself, for example...

Note: Rbot may also try to access a remote machine using the credentials of the local account from which it is executed.

For each user name, it attempts to authenticate using several passwords stored within the worm. The password list can vary. For example...
The list usually includes an empty password.

Assuming the worm can authenticate with the target machine, it then tries to copy itself to these locations:

\\<target>\Admin$\system32
\\<target>\c$\winnt\system32
\\<target>\c$\windows\system32
\\<target>\c
\\<target>\d

It then schedules a remote job to run the worm copy on the target machine.
Via Exploits

Win32.Rbot can also spread by exploiting vulnerabilities in Windows operating systems and third party applications. If it successfully exploits one of these, it executes a small amount of code on the target machine, which instructs it to connect back to the source in order to retrieve the complete worm executable. These connections back to the source use either the TFTP or HTTP protocol; the worm acts as a TFTP or HTTP server to deliver itself. The ports used for these servers are also configurable, but are often 81 for HTTP and 69 for TFTP.

This is a list of known vulnerabilities that Rbot may exploit:

1. Microsoft Windows LSASS buffer overflow vulnerability (TCP port 445)
http://www3.ca.com/threatinfo/vulnin....aspx?id=27886
http://www.microsoft.com/technet/sec.../MS04-011.mspx

2. Microsoft Windows ntdll.dll buffer overflow vulnerability (WebDav vulnerability) (TCP port 80)
http://www3.ca.com/threatinfo/vulnin...n.aspx?ID=7287
http://www.microsoft.com/technet/sec.../MS03-007.mspx

3. Microsoft Windows RPC malformed message buffer overflow vulnerability (TCP ports 135, 445, 1025)
http://www3.ca.com/threatinfo/vulnin....aspx?ID=25454
http://www.microsoft.com/technet/sec.../MS03-039.mspx (supersedes original bulletin MS03-026)

4. Microsoft Windows RPCSS malformed DCOM message buffer overflow vulnerabilities (TCP port 135)
http://www3.ca.com/threatinfo/vulnin....aspx?ID=25975
http://www.microsoft.com/technet/sec.../MS03-039.mspx

5. Exploiting weak passwords on MS SQL servers, including the Microsoft SQL Server Desktop Engine blank 'sa' password vulnerability (TCP port 1433)
http://www3.ca.com/threatinfo/vulnin...n.aspx?ID=5705
http://support.microsoft.com/default...;en-us;Q321081
Note: The worm tries the same password list as that used for spreading through shares, including a blank password. The SQL server accounts it attempts to log in to are "sa", "root" and "admin".

6. Microsoft Universal Plug and Play (UPnP) NOTIFY directive buffer overflow and DoS vulnerabilities (TCP port 5000)
http://www3.ca.com/threatinfo/vulnin...n.aspx?ID=4520
http://www.microsoft.com/technet/sec.../ms01-059.mspx

7. DameWare Mini Remote Control Buffer Overflow (TCP port 6129)
http://www3.ca.com/threatinfo/vulnin....aspx?ID=26843
http://www.dameware.com/support/secu...tin.asp?ID=SB2
Via Other Malware

Some Rbot variants can also infect remote systems through backdoors created by other malware:

* Win32.Bagle worm (TCP port 2745)
* Win32.Mydoom worm (TCP port 3127)
* Win32.OptixPro trojan (TCP port 3410)
* Win32.NetDevil trojan (TCP port 903)
* Win32.Kuang trojan (TCP port 17300)
* Win32.SubSeven trojan (TCP port 27347)

Note: some of the above trojans listen on variable ports. Known variants of Win32.Rbot use only the default ports as listed above.

Quelle: http://www3.ca.com/securityadvisor/v....aspx?id=39437

Abhilfe schafft hier der Link in meiner Signatur.