Backdoor.Rbot.gen - have I got rid of it?

  igr 17:22 03 Sep 2004

Following an anti virus scan with eScan (mwav) v 4.4.7 the above was found in the WINNT\system32\TFTP764.exe file. The eScan software renamed the file by changing the file extension .exe to .mwt. So the file is still in the system - I wondered if the file TFTP764.exe was a legitimate file in the first place and since corrupted, and I have other files TFTP1040 and TFTP840 and tftp in the same directory.

Should I delete the .mwt file? and are the other files mentioned kosher?

  Fruit Bat /\0/\ 17:38 03 Sep 2004

tclick here refers to Trivial File Transfer Protocal App

You should have a Tclick here file but not sure if the others are valid (not in my system32)think they get put in by spyware when you are tricked into going to a look alike Windows update site.

  Fruit Bat /\0/\ 17:40 03 Sep 2004

Ignore the click heres in the above posting not sure why your suspect file name was changed to click here.

  igr 20:50 03 Sep 2004


  stalion 20:54 03 Sep 2004

the files are renamed so that they do not cause any further problems they are probably shared files so removing them could cause you problems.If you want confirmation that the virus has gone run another scan

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review: Hands-on

See the Best Button Badge Designs of 2017

iPhone X review

Black Friday 2017 : date, sites participants & bonnes affaires