About Rosn1.exe notetool paladin etc



kaliman
2006-12-10, 17:30
I have a file rosn1.exe installing itself in the windows/temp dir. I ran Ad-Aware, Spybot, Sophos Antivirus, Spyblaster and it still reinstalls there.

I checked the file and it is compiled but shows some of the Windows instructions.

I have found nothing on the web except for a very few possible references:

ros1.exe
purger.exe
zak2.exe

Mostly in Russian.

Spybot does not detect it or clean it. Actually I found that IExplorer renamed itself as Metapaladin and refers to a website, so I use Mozilla and Firefox.

"C:\Archivos de programa\Internet Explorer\iexplore.exe" "http://notetol.com/uninstall.php"

Of course I did not open it.

It went undetected by Spybot.

I tried to delete it but it reinstalls; I am trying another thing now. If it does not work, would it be good to zip it and send it to you, as you advise?

What are we dealing with?

Best regards

Kaliman

tashi
2006-12-10, 17:37
Hello.

Please send the zipped file to: detections(AT)spybot.info Replace AT with @

Put the name of the file/infection into subject matter.

Then follow the procedure in this link: "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D (http://forums.spybot.info/showthread.php?t=288)

Start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Once you have posted, a helper will advise you as soon as available.

Cheers. :)

kaliman
2006-12-20, 19:11
Hi friend


I already did it several days ago.
It seems the file is not new but a 2004 malware, or it appears so. Sometimes when the computer starts, an announcement shows up:

Rosn2.exe got errors and must close.

It closes itself to Rosn2.exe

I deleted them from start, registry, directory and altered the contents, but it rebuilds itself, meaning there is another source of the file. Using some of the tools you have on your site, it showed that it sends email to some webstats site. I could not repeat the procedure yet; that is why I do not include that report.

Best regards

..............

Sorry, maybe I did wrong sending this post to other Forum...?

Follows...

..........

Kaliman



About Rosn1.exe notetool paladin etc
PS. I checked with the extra tools on the Spybot site and there is more info about the URLs and other stuff... but no detection from any tool yet nor any barrier to prevent reinfection... as it seems...

2006-12-16, 21:49 #2
kaliman
rosn1.exe infection ... The log by HijackThis... infected in windows/temp
HJT log removed.

md usa spybot fan
2006-12-20, 19:56
Sorry, maybe I did wrong sending this post to other Forum...?
I see that you posted in the following thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum which is the correct forum:
About rosn1.exe and other allies
http://forums.spybot.info/showthread.php?t=9779
I'm sorry, but evidently they are busy (helping others, holiday shopping, etc.). There is a reminder thread in that forum that you can post to that will alert the helpers that you have been waiting for more than three (3) days for a response:
If you have waited THREE days for advice post here.
http://forums.spybot.info/showthread.php?t=1137
If you post in that thread, make sure that you reference the thread that you are waiting for a response to:
About rosn1.exe and other allies
http://forums.spybot.info/showthread.php?t=9779