Here was a better translation:
http://www.sophos.com/security/analyses/w32rbotfwy.html?_log_from=rss But if you have a root-kit, you really should try to format. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris Sent: Saturday, December 02, 2006 9:50 PM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] Virus on Imail server Since 10/06/06 I have been fighting a virus on my mail server...was not too concerned about it until last week when it evidently helped me get blacklisted with spamcop, spamhause, UBL and some others....can anyone tell me how to get rid of it...I have tried everything to no avail.... The virus is putting "a.exe" and ".exe" in the winnt\system32 folder and or the C:\ drive Also it has 1x32.exe or 2X32.exe or 0X32.exe running in the Task Manager and it installs Numeric file in Registry... It also puts files like Hub101bl in the Internet.IE5 folder in Temporary Internet Files... Spamcop said I had a proxy virus that is sending out emails..maybe thru forms on server as this is my web server also..don't understand that but I don't doubt it.... I have made a temporary solution by relaying mail to a server that is not listed and so far in the past week it is OK...but the 65.240.164.10 server keeps getting blacklisted by one or more lists..I have declude hijack and have locked the server down by requiring all customers to go to server authentication..I thought that would stop it....NOT I can clean the server completely with F-Prot then Trojan Hunter and the next moring it is all back and I have to try to do the same thing over...sometimes the server will stay clean for days and sometimes just a few minutes...it is driving me crazy....anyone else out there ever experience this and if so how did you fix it... Many of my google serches have brought up Chinese web sites which may be the source....I am not sure.. This web site has a very good description of what I am seeing but has not helped me.. http://translate.google.com/translate?hl=en <http://translate.google.com/translate?hl=en&sl=de&u=http://www.pc-magazin.d e/internet/cm/virenecke/show_sophos.php%3Fid%3D3570&sa=X&oi=translate&resnum =1&ct=result&prev=/search%3Fq%3D2x32.exe%2Bvirus%26hl%3Den%26lr%3D> &sl=de&u=http://www.pc-magazin.de/internet/cm/virenecke/show_sophos.php%3Fid %3D3570&sa=X&oi=translate&resnum=1&ct=result&prev=/search%3Fq%3D2x32.exe%2Bv irus%26hl%3Den%26lr%3D If you need anymore info let me know and if you thing you can help I will email you directly... Richard Farris Ethixs Online 1.270.247.5555 Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet"