Opachki.ru
Hello,
I get the following message when checking for problems:
Error during check!
Opachki.ru [1 - $8733DD3A] (TRegExpr(comp): Unmatched [] (pos 17))
Six of these messages are coming up. Different to previous posts on this topic, it doesn't say anything about administrator rights being the cause of the problem.
I'm using Spybot v.1.6.2.46 with Windows XP 2002.
Any ideas? Thank you in advance.
spybotsandra
2009-10-26, 14:18
Hello,
Please wait for the next detection update coming on 2009/10/28 - this should fix it.
Best regards
Sandra
Team Spybot
Hello,
I get the following message when checking for problems:
Error during check!
Opachki.ru [1 - $8733DD3A] (TRegExpr(comp): Unmatched [] (pos 17))
Six of these messages are coming up. Different to previous posts on this topic, it doesn't say anything about administrator rights being the cause of the problem.
I'm using Spybot v.1.6.2.46 with Windows XP 2002.
Any ideas? Thank you in advance.
I am getting the same sort of set of errors with the first numbers starting at 4 and ending in 24 and I am updated to the latest version as of today (10th December 2009). Do I have a Trojan?
spybotsandra
2009-12-10, 17:08
Hello,
And you really have Spybot version 1.6.2 and not an old one like 1.6.0?
Best regards
Sandra
Team Spybot
NoNaMeStoleMyName
2009-12-11, 23:31
Is there any known source for this one? (opachki.ru)
Hello,
Is there any known source for this one? (opachki.ru)
Not sure what you mean by 'source'.
http://isc.sans.org/diary.html?storyid=7519
Cheers.
NoNaMeStoleMyName
2009-12-12, 17:28
Thanks for link...
Worries me, it's the only malware that ever got through to my personal computer.
In years... Trying to find out where it came from? How did I catch this?
And... Is my computer REALLY cleaned up from it? :fear:
Hello NoNaMeStoleMyName,
In years... Trying to find out where it came from? How did I catch this?
And... Is my computer REALLY cleaned up from it? :fear:
From that link,
This prevents the system from booting in Safe Mode – the attackers did this to make it more difficult to remove the trojan.
I don't know why they do this, it could be that they are hijacking ZEUS or simply competing for same machines or using same attack vectors as the ZEUS crew.
Can you boot in safe mode and/or is your browser being hijacked? If you were infected by Opachki.ru it is possible Zeus/Zbot was there first. As there are many Zeus variants the detection rate by security programs, anti-virus etc, has been spotty.
From the blog of Gary Warner, director of research in computer forensics at the University of Alabama, Birmingham.
http://garwarner.blogspot.com/search/label/zbot
http://garwarner.blogspot.com/2009/09/irs-version-of-zeus-bot-continues.html
If your computer shows signs of infection or you need reassurance you can follow the instructions in this link to produce a HJT log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)
A volunteer analyst would advise you as soon as available, bear in mind the forum is busy plus it's the weekend and holiday season.
Best regards, :)
Hello,
And you really have Spybot version 1.6.2 and not an old one like 1.6.0?
Best regards
Sandra
Team Spybot
:thanks: for replying.
I am not very used to this sort of thing - first of all this is a forum right? I am confused by your message stating not to use personal messages?
Also, it seems I have 1.6.0.30....
So I presume I am supposed to uninstall this and install the new one?
:thanks: again.
spybotsandra
2009-12-23, 12:52
Hello,
Correct, uninstall the old version and download the new one.
Please uninstall Spybot - Search & Destroy according to the following link (http://www.safer-networking.org/en/howto/uninstall.html).
Then make a fresh install of Spybot - Search & Destroy 1.6.2.
You will find links to several download locations (http://www.safer-networking.org/en/mirrors/index.html) on our website.
Or choose the direct installation file (http://www.spybotupdates.com/files/spybotsd162.exe).
The note of personal messages is general, because a lot of users PM me for help, but I am not the only person here,
and this is a forum, so it is the best way to get help by opening their own thread, like you did. :)
Best regards
Sandra
Team Spybot
Thank you very much for walking me through it all.
So I am now all good it seems.
To get back to the main point, I no longer have the Opachki.ru trojan? Or I did not have it in the first place? I am presuming the second but just wanted to make sure I understood... :cleaning:
:thanks:
spybotsandra
2009-12-30, 20:34
Hello,
You did not have it in the first place, it was a false positive.
Best regards
Sandra
Team Spybot