Windows XP and Vista Threat: WORM_RBOT.AVL - Effects and Removal


Published by DanielGray


WORM_RBOT.AVL spreads through network shares. It gathers lists of user names and passwords from the infected system and includes a backdoor utility. It affects Windows XP and Vista. It is also known as W32.Spybot.Worm and New_Malware.b.

WORM_RBOT.AVL Penetrating Methods

This worm copies its files to the hard drive using the file name WORM_RBOT.AVL. It then creates a startup key with the value mspn32.exe. When executed, it copies its files to the Windows System directory and creates the following registry entries so that it runs at every startup:
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Process Manager = mspn32.exe
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
Process Manager = mspn32.exe

How to Avoid WORM_RBOT.AVL Infection

To avoid this type of threat, install security software and keep the antivirus application updated. Keep the system firewall turned on at all times and scan the system regularly for other threats. It may be wise to use Avast! Antispyware and True Sword.

WORM_RBOT.AVL Infection Symptoms

WORM_RBOT.AVL exploits the following Windows weaknesses to spread across the network: the SQL buffer overflow vulnerability, WebDAV/ITS, RPC, the DCOM object model, and LSASS. It may also try to connect to a specific IRC server, listen for information and commands from the attacker, and execute those instructions on the infected system. It may also gather serial numbers, CD keys, and product IDs, and may start a network sniffer to collect passwords and other data.

It can perform basic FTP and IRC operations. WORM_RBOT.AVL also performs flood attacks (ping, ICMP, UDP, TCP, and SYN floods) and can download additional files, access FTP servers, open a command shell, send emails, stop legitimate services, clear the DNS cache, create bogus accounts, and execute malicious commands on the affected system.

Easy WORM_RBOT.AVL Removal

Use True Sword and the Trend Micro Cleanup Engine anti-spyware software to fully remove WORM_RBOT.AVL and other malicious applications. Scan the entire system and delete all files detected by the antivirus software.

How to Remove WORM_RBOT.AVL

To remove WORM_RBOT.AVL manually, first stop its processes using Task Manager. Identify the processes used by the worm and delete the files they were running from. To open the Registry Editor, go to Run from the Start button and press Enter. Delete the worm's registry entries as well as its executable:
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
• mspn32.exe
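
Before deleting anything, the artefacts named above can be inventoried with a read-only check. The script below is an added example, not part of the original tutorial. It assumes PowerShell 2.0 or later is installed, and it looks in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE because the tutorial lists the Run and RunServices keys under each hive. The helper name New-Finding is hypothetical.

```powershell
# Added example: read-only check for the WORM_RBOT.AVL artefacts named in this tutorial.
# Nothing is deleted; findings are listed so they can be reviewed before removal.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$fileName  = 'mspn32.exe'        # executable name given in the tutorial
$valueName = 'Process Manager'   # autorun value name given in the tutorial

# Hypothetical helper: builds one result row (PowerShell 2.0 compatible)
function New-Finding($Type, $Location, $Name, $Data) {
    New-Object PSObject -Property @{ Type = $Type; Location = $Location; Name = $Name; Data = $Data }
}

$findings = @()

# 1. Autorun values: match on the value name or on data that references the file
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }   # RunServices is often absent
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -eq $valueName -or $data -like "*$fileName*") {
            $findings += New-Finding 'Registry' $key $name $data
        }
    }
}

# 2. Copy of the worm in the Windows System directory
$sysPath = Join-Path ([Environment]::SystemDirectory) $fileName
if (Test-Path -LiteralPath $sysPath) {
    $findings += New-Finding 'File' $sysPath $fileName ''
}

# 3. Running process (process names carry no .exe extension)
$procName = [IO.Path]::GetFileNameWithoutExtension($fileName)
foreach ($p in @(Get-Process -Name $procName -ErrorAction SilentlyContinue)) {
    $findings += New-Finding 'Process' "PID $($p.Id)" $p.ProcessName ''
}

if ($findings.Count -eq 0) {
    'No artefacts from this tutorial were found.'
} else {
    $findings | Select-Object Type, Location, Name, Data | Format-Table -AutoSize
}
```

Run it from an administrator prompt so the HKEY_LOCAL_MACHINE keys and all processes are visible, and run it again after cleanup to confirm that nothing is left.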

