About Rosn1.exe notetool paladin etc
I have a file rosn1.exe installing itself in the windows/temp dir, I ran Ad-Aware, Spybot, Sophos Antivirus, Spyblaster and still re installs there.
I checked the file and it is compiled but shows some of the Windows instructions.
I have found nothing in the web except for very few possible references
ros1.exe
purger.exe
zak2.exe
Mostly in Russian.
Spybot does not detect it or clean it. Actually I found that IExplorer renamed itself as Metapaladin and refers to a website so I use Mozzilla and Firefox
"C:\Archivos de programa\Internet Explorer\iexplore.exe" "http://notetol.com/uninstall.php"
Of course I did not opened it.
It went undetected by spybot.
I tried to delete it but reinstalls, I am trying other thing now. If does not work could be good to zip and send you as you advice?
What are we dealing with?
best regards
Kaliman
Rosn1.exe and Rosn2.exe undetected since 2004?
Hi friend
I already did it several days ago.
It seems the file is not new but a 2004 malaware, or it appears so. Sometimes when the computer starts shows up an announcement:
Rosn2.exe got errors and must close.
It closes itself to Rosn2.exe
I deleted them from start, registry, directory and altered the contents but rebuild itself. Meaning there is other the source of the file. Using soem of the tooks you have in your site it showed that sends email to some webstats site, I could not repeat the procedure yet that is why I do not includ ethat report.
Best regards
..............
Sorry, maybe I did wrong sending this post to other Forum...?
Follows...
..........
Kaliman
About Rosn1.exe notetool paladin etc
I have a file rosn1.exe installing itself in the windows/temp dir, I ran Ad-Aware, Spybot, Sophos Antivirus, Spyblaster and still re installs there.
I checked the file and it is compiled but shows some of the Windows instructions.
I have found nothing in the web except for very few possible references
ros1.exe
purger.exe
zak2.exe
Mostly in Russian.
Spybot does not detect it or clean it. Actually I found that IExplorer renamed itself as Metapaladin and refers to a website so I use Mozzilla and Firefox
"C:\Archivos de programa\Internet Explorer\iexplore.exe" "http://notetol.com/uninstall.php"
Of course I did not opened it.
It went undetected by spybot.
I tried to delete it but reinstalls, I am trying other thing now. If does not work could be good to zip and send you as you advice?
What are we dealing with?
best regards
PS. I checked w the extra tools in the Spybot site and there is more info about the URLs and other staff... but no detection from any tool yet nor any barrier to prevent reinfection... as it seems...
kaliman is offline Reply With Quote
kaliman
View Public Profile
Find More Posts by kaliman
Old 2006-12-16, 21:49 #2
kaliman
Junior Member
Join Date: Dec 2006
Posts: 3
Default rosn1.exe infection ... The log by Hyjackthis... infected in windows/temp
HJT log removed.