Results 1 to 4 of 4

Thread: About Rosn1.exe notetool paladin etc

  1. #1
    Junior Member
    Join Date
    Dec 2006
    Posts
    4

    Angry About Rosn1.exe notetool paladin etc

    I have a file rosn1.exe installing itself in the windows/temp dir, I ran Ad-Aware, Spybot, Sophos Antivirus, Spyblaster and still re installs there.

    I checked the file and it is compiled but shows some of the Windows instructions.

    I have found nothing in the web except for very few possible references

    ros1.exe
    purger.exe
    zak2.exe

    Mostly in Russian.

    Spybot does not detect it or clean it. Actually I found that IExplorer renamed itself as Metapaladin and refers to a website so I use Mozzilla and Firefox

    "C:\Archivos de programa\Internet Explorer\iexplore.exe" "http://notetol.com/uninstall.php"

    Of course I did not opened it.

    It went undetected by spybot.

    I tried to delete it but reinstalls, I am trying other thing now. If does not work could be good to zip and send you as you advice?

    What are we dealing with?

    best regards

    Kaliman

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    32,916

    Default

    Hello.

    Please send the zipped file to: detections(AT)spybot.info Replace AT with @

    Put the name of the file/infection into subject matter.

    Then follow the procedure in this link: "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D

    Start your own thread in the Malware Removal Forum

    Once you have posted a helper will advise you as soon as available.

    Cheers.
    Microsoft MVP. Consumer Security 2006-2014


  3. #3
    Junior Member
    Join Date
    Dec 2006
    Posts
    4

    Default Rosn1.exe and Rosn2.exe undetected since 2004?

    Hi friend


    I already did it several days ago.
    It seems the file is not new but a 2004 malaware, or it appears so. Sometimes when the computer starts shows up an announcement:

    Rosn2.exe got errors and must close.

    It closes itself to Rosn2.exe

    I deleted them from start, registry, directory and altered the contents but rebuild itself. Meaning there is other the source of the file. Using soem of the tooks you have in your site it showed that sends email to some webstats site, I could not repeat the procedure yet that is why I do not includ ethat report.

    Best regards

    ..............

    Sorry, maybe I did wrong sending this post to other Forum...?

    Follows...

    ..........

    Kaliman



    About Rosn1.exe notetool paladin etc
    I have a file rosn1.exe installing itself in the windows/temp dir, I ran Ad-Aware, Spybot, Sophos Antivirus, Spyblaster and still re installs there.

    I checked the file and it is compiled but shows some of the Windows instructions.

    I have found nothing in the web except for very few possible references

    ros1.exe
    purger.exe
    zak2.exe

    Mostly in Russian.

    Spybot does not detect it or clean it. Actually I found that IExplorer renamed itself as Metapaladin and refers to a website so I use Mozzilla and Firefox

    "C:\Archivos de programa\Internet Explorer\iexplore.exe" "http://notetol.com/uninstall.php"

    Of course I did not opened it.

    It went undetected by spybot.

    I tried to delete it but reinstalls, I am trying other thing now. If does not work could be good to zip and send you as you advice?

    What are we dealing with?

    best regards

    PS. I checked w the extra tools in the Spybot site and there is more info about the URLs and other staff... but no detection from any tool yet nor any barrier to prevent reinfection... as it seems...
    kaliman is offline Reply With Quote
    kaliman
    View Public Profile
    Find More Posts by kaliman
    Old 2006-12-16, 21:49 #2
    kaliman
    Junior Member

    Join Date: Dec 2006
    Posts: 3

    Default rosn1.exe infection ... The log by Hyjackthis... infected in windows/temp
    HJT log removed.
    Last edited by tashi; 2006-12-20 at 23:05. Reason: No HJT logs in this forum. ;)

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,879

    Default

    Quote Originally Posted by kaliman View Post
    Sorry, maybe I did wrong sending this post to other Forum...?
    I see that you posted in the following thread in the Malware Removal forum which is the correct forum:

    I sorry but, evidently they are busy (helping others, holiday shopping etc.). There is a reminder thread in that forum that you can post to that will alert the helpers that you have been waiting for more than three (3) days for a response:

    If you post in that thread, make sure that you reference the thread that you are waiting for a response to:
    Last edited by md usa spybot fan; 2006-12-20 at 20:59.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •