View Full Version : Fixed: Two Infections found-Win32.NrgBot.rtk.
#3- Don't know what is going on!!!!
I downloaded 11/23/2011 def updates and ran a scan on my Win 7 (64-Bit) computer and the scan came up with these two infections. Does anyone know what they might refer to? The state that they are Gateway Games, etc. (This is a Gateway computer).
Could they be false/positives? What should I do with them?
I didn't do anything with them, I just closed the S&D program.
Win32.NrgBot.rtk
SBI $9DB9AE9D Execitab;e
C"\Program Files (86X) Gateway Games\Gateway Game Console\GameConsole-wt.exe
Win32.NrgBot.rtk
SBI $9DB9AE9D Execitab;e
C"\Program Files (86X) Gateway Games\Gateway Game Console\GameConsole.exe
http://imageshack.us/phot...images/405/spybotsd.jpg/
Hello alicez,
The link you provided gives a '404 Not Found'
How to report Possible False Positives (http://forums.spybot.info/showthread.php?t=19117) :)
I am new at all of this and so not too familiar with what is going on.
I tried to Edit my thread, but was unable to do so.
You explanation is very confusing to me. Where do I send the "screen-shot"
http://img560.imageshack.us/img560/6038/spybotsd.jpg (http://imageshack.us/photo/my-images/560/spybotsd.jpg/)
http://imageshack.us/photo/my-images/560/spybotsd.jpg/
The box in the middle reads:
Fileinfection detected removing these may damaga your computer. If possible restart to a clean restore point or system backup.
((I really don't want to do a System Restore if I don't have to!)
23.11.2011 12:50:57 - ##### check started #####
23.11.2011 12:50:57 - ### Version: 1.6.2
23.11.2011 12:50:57 - ### Date: 11/23/2011 12:50:57 PM
23.11.2011 12:51:01 - ##### checking bots #####
23.11.2011 13:00:20 - found: Win32.NrgBot.rtk Executable
23.11.2011 13:00:20 - found: Win32.NrgBot.rtk Executable
23.11.2011 13:56:46 - ##### check finished #####
MennoTed
2011-11-23, 23:52
I just had the same "problem" today, i.e. Win32.NrgBot.rtk. I DO NOT have it on a Gateway computer, but can't find any reference to it on any other AV site. I haven't done anything with it yet either. Just bide my time for a day or two and see if anyone comes up with an explanation.
Re False Positive Report: I got the same infection message as alicez
Windows 7
Both Win Ex & Firefox is used on the computer
1.6.2.46
updated today, November 23, 2011
appeared as a scan result
dodge caravan
2011-11-24, 02:15
I have the same problem as the people above. It seemed to come from Spybot S & D itself because it only came after I updated. Before that I had Double Click and I still have double click and it will not go at all. I have scanned with spybot and removed these infections 20 times today alone and nothing happens. I have re-booted my computer and everything else. I also have a gateway computer, windows 7 and it is saying it is in the Gateway Game Console.
I posted in a different forum but got no reply
dodge caravan
2011-11-24, 02:21
By the way I wanted to mention that my screen looks exactly like the one above. I have wasted the whole day on this. Please explain where I can send the logs. I have sent an email to support with the log on it and last week I got the Double Click thing and I sent an email to support with the log and still had no reply to either.
Hello,
I posted in a different forum but got no reply
http://forums.spybot.info/showthread.php?t=64470
A detective will respond here when on-line. :)
Best regards,
Hello,
Win32.NrgBot.rtk has the ability to attach itself to legit files, thus infecting them.
Since your reports indicate a possibe false positive with Gateway Game Console please do the following to make sure it is only a false positive:
right click the scan result within Spybot S&D and save a full report
zip the files in question and attach both the full report and the zipped files to an email addressed at detections@spybot.info
link this thread in you email for quick reference
LorettaS
2011-11-24, 18:33
I also had the same problem today on a Win 7 computer although I have it in HP Game Console. Updated and scanned Win XP computer and it was ok. After detection Spybot got hung up scanning and I had to close it.
I also had the same problem today on a Win 7 computer although I have it in HP Game Console. Updated and scanned Win XP computer and it was ok. After detection Spybot got hung up scanning and I had to close it.
I also had this issue, but I removed HP Game Console, and it then disappeared.
siennasand
2011-11-24, 21:56
I got the same message yesterday. It says my infected files are in my toshiba game console. I'm using Windows 7 also. So, I'm guessing I don't have anything to be worried about. That sucks b/c I restored to an earlier date and some things went a little wonky on my computer but oh well.
hello,
thanks for submitting the GameConsole.exe files.
I can confirm that the detection as Win32.NrgBot.rtk is a false positive.
The next detection update scheduled for Wednesday 2011-11-30 will fix this issue.
However these GameConsole files are part of WildTangent and not part of your computer vendors necessary software. Due to trust issues with WildTangent in the past I would personally not trust them.
If you like the WildTangent games keep it, but if you don't use it I would recommend to uninstall it (if possible).
hello,
thanks for submitting the GameConsole.exe files.
I can confirm that the detection as Win32.NrgBot.rtk is a false positive.
The next detection update scheduled for Wednesday 2011-11-30 will fix this issue.
However these GameConsole files are part of WildTangent and not part of your computer vendors necessary software. Due to trust issues with WildTangent in the past I would personally not trust them.
If you like the WildTangent games keep it, but if you don't use it I would recommend to uninstall it (if possible).
Thank you for checking these, but I was wondering something: Did you confirm Gateway Game Console and HP Game Console? Or just one of those?
jc.carrier
2011-11-25, 21:23
By me, it is an obvious false positive.
It is reported in a copy on my system disk of a Safestick.exe file that is part of a highly secured USB key. This program is on the first, write-protected, partition of the key and runs automatically when the key is inserted to ask for the password and make the main protected partition accessible. After 3 incorrect passwords, the whole content of the key is destroyed.
Of course I compared the C: version of the program with the one on the key and the 2 versions are reported identical. I can't imagine the 2 versions being infected on the same week, one being on a write-protected disk.
sherlock2667
2011-11-26, 01:19
Win32.NrgBot.rtk showed up while doing my routine housekeeping routines. Followed many suggestions with no success. Any advice would be most appreciated.
What is/are the risks of having SB fix the problem?
Thanx for help.
Newbie in need
Hello sherlock2667,
Win32.NrgBot.rtk showed up while doing my routine housekeeping routines. Followed many suggestions with no success. Any advice would be most appreciated.
What is/are the risks of having SB fix the problem?
This thread is in the false positive sub-forum, please see if any of the previous posts apply.
hello,
thanks for submitting the GameConsole.exe files.
I can confirm that the detection as Win32.NrgBot.rtk is a false positive.
The next detection update scheduled for Wednesday 2011-11-30 will fix this issue.
However these GameConsole files are part of WildTangent and not part of your computer vendors necessary software. Due to trust issues with WildTangent in the past I would personally not trust them.
If you like the WildTangent games keep it, but if you don't use it I would recommend to uninstall it (if possible).
Best regards. :)
Almeetsup
2011-11-27, 05:07
Hello,
Similar situation.
I use Windows 7 on Toshiba laptop and Toshiba netbook.
:cleaning:
Win32.NrgBot.rtk
2 entries of TrojansC-03
TOSHIBA Games > TOSHIBA Game Console> GameConsole.exe size: 1,889 KB
GameConsole-wt.exe size: 1,889 KB
Message from Spybot S&D:
Unexpected error in finding problems (Cannot create file “C:\Windows\wininit.ini”. Access is denied)
:kboard:
With the Toshiba laptop: I right-clicked on the files GameConsole.exe and GameConsole-wt.exe. In their Properties, I selected 'Deny Access' instead of of 'Allow' for all the instances. As administrator, I clicked the Spybot S&D's 'Immunize' option. Then I ran Spybot S&B for a scan to remove the two culprit files. Result: 'Congratulations! No threat was detected'.
I'll try the same steps with my Toshiba netbook.
-Almeetsup
joelboby
2011-11-27, 19:57
Hello,
I'm new to this forum and on this post but I realized that the alarms of Win32.NrgBot.rtk Gameconsole.exe and Gameconsole-wt.exe were false-positives and that the next update (scheduled for 30 / 11 / 2011) would correct this false alarm.
Thank you all
Bonjour,
je suis nouveau sur ce forum et sur ce sujet et j'ai compris que les alarmes Win32.NrgBot.rtk de Gameconsole.exe et Gameconsole-wt.exe étaient de faus positifs et que la mise à jour prochaine (prévue le 30/11/2011) corrigerait cette fausse alerte.
Merci à tous
macwhirr
2011-11-28, 22:53
I have no game console of any sort, but when I updated Spybot this week, I got a warning for Win32.NrgBot.rtk. Windows Defender does not find it, nor does my Avast antivirus. Plus, my Spybot program froze three quarters of the way through "search and destroy." I am finding messages on boards all over the web from people asking the same question. Is this a false positive?
Hello macwhirr.
This particular topic in the false positives forum is marked. "Confirmed: Two Infections found" (http://forums.spybot.info/showthread.php?goto=newpost&t=64472) Win32.NrgBot.rtk.
If you have reason to believe your finding is another issue please follow the guidelines to report in a new topic as noted here: False Positives (http://forums.spybot.info/forumdisplay.php?f=16)
Best regards, :)