Hi pi><boy
Indeed, xpjava.exe looks like a worm[1]. Check whether it has
created a registry entry
and follow the removal instructions.

Code:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit    userinit.exe,xpjava.exe

Do you have an antivirus running? Which one?
Do you know HijackThis[2]? Give it a try and post the results here
on AO or on the automated analysis-page[3].
To prevent further infections:
W32/Rbot-YC spreads using a variety of techniques including exploiting weak
passwords on computers and SQL servers, exploiting operating system vulnerabilities
(including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other
worms or Trojans [1].
Which service pack? Are you running under the administrator account?
Do you use a strong password? Is your system patched (otherwise,
update now! and activate the automatic update function of Windows XP[4])?
Cheers.
[1] http://www.sophos.com/virusinfo/analyses/w32rbotyc.html
[2] http://www.majorgeeks.com/download3155.html
[3] http://www.hijackthis.de/en
[4] http://www.uic.edu/pharmacy/it/Tips/winupdat1.htm
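
Added example (not part of the original post): a PowerShell check of the Winlogon Userinit value named above, listing any program other than userinit.exe that would be started at logon. The function name Get-UserinitExtras and the assumption that the only expected entry is userinit.exe (bare, or under %SystemRoot%\system32) are mine, not the poster's.

```powershell
# Added example: audit the Winlogon Userinit value for extra programs.
# Get-UserinitExtras is a hypothetical helper name, not a built-in cmdlet.
function Get-UserinitExtras {
    param(
        [Parameter(Mandatory = $true)][AllowEmptyString()][string]$Value,
        [string]$SystemRoot = 'C:\Windows'
    )

    # Assumption: the only legitimate entry is userinit.exe, either bare
    # or with its full path under <SystemRoot>\system32.
    $expected = @('userinit.exe', "$SystemRoot\system32\userinit.exe")

    # Userinit is a comma-separated list; every entry is run at logon.
    # -notcontains compares strings case-insensitively.
    $Value.Split(',') |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -and ($expected -notcontains $_) }
}

# Constructed sample: the value as quoted in the post.
$sample = 'userinit.exe,xpjava.exe'
Write-Output "Sample extras: $((Get-UserinitExtras -Value $sample) -join ', ')"

# Live check, only when running on Windows.
if ($env:OS -eq 'Windows_NT') {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $live = (Get-ItemProperty -Path $key -Name Userinit).Userinit
    $extras = @(Get-UserinitExtras -Value $live -SystemRoot $env:SystemRoot)

    if ($extras.Count -gt 0) {
        Write-Warning "Unexpected Userinit entries: $($extras -join ', ')"
    } else {
        Write-Output "Userinit contains only userinit.exe: $live"
    }
}
```

An unexpected entry is a reason to follow the removal instructions in [1], not proof of infection by itself.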



