Is RBOT part of microsoft Anti Spy

Discussion in 'Security and Privacy' started by Mark Hasenbein, 2005/08/21.

  1. 2005/08/21
    Mark Hasenbein

    Mark Hasenbein Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    43
    Likes Received:
    0
    I was advised that rbot was a back door worm and rewrites itself.
    Also found "Trojan /CWS combo.
    Any ideas!
    Mark :confused:
     
  2. 2005/08/21
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    Definitely a problem. See this web page. If you haven't, check out the stickies at the top of this forum for advice, and wait for a security expert to answer your post.
     

  4. 2005/08/21
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    MS re-issued this month's Malicious Removal Tool to cover rbot and some variants - download from here ....

    http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
     
  5. 2005/08/28
    oshwyn5

    oshwyn5 Inactive

    Joined:
    2005/08/25
    Messages:
    736
    Likes Received:
    0
    Often one spyware remover, antivirus, or trojan detector will detect the definition files in a competitor's product and identify them as an infestation.
    So this could well be a false positive if you downloaded from an official site.
    Often it is just as important to know where something is as to know what it is called.
     
  6. 2005/08/31
    Mark Hasenbein

    Mark Hasenbein Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    43
    Likes Received:
    0
    Startup Inspector found "c program filesmicrosoft anti spywaregcas Sevr.exe "
    Startup identifies gcas sevr.exe as a RBOT worm.
    Microsoft anti spy was corrupted; I had to uninstall and download it again.
    Gcas sevr.exe is back on startup but my antispy works.
    Don't know what to do. :confused:
    Mark
     
  7. 2005/08/31
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Mark,

    gcasServ.exe is a legitimate exe for MS AS - will insert itself into the startups even if you don't run it with the resident protections. Are you running it with the real time protection running? Do you want it to run real time? If not, right click on the tray icon and disable it.

    If that doesn't do the trick, and if msconfig can't keep it out of the startup, use autoruns to disable it: http://www.sysinternals.com/Utilities/Autoruns.html

    Regards - Charles
     
  8. 2005/08/31
    Mark Hasenbein

    Mark Hasenbein Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    43
    Likes Received:
    0
    Yes, I run it in real time; if it's part of anti spy, no worries.
    Thanks for the help. :)
    Mark
     
  9. 2005/08/31
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    Mark Hasenbein--You talk about "gcas sevr.exe ". A file with that name is not part of MSAntiSpyware. On the other hand I can find no mention of it elsewhere, so do not know if it is some new baddie or whether you have misspelled it. (I also looked for "gcassevr.exe" since a space in a file name is a little unusual.)
    As charlesvar has said "gcasServ.exe" is a legitimate exe for MS AS.
     
    Last edited: 2005/08/31
  10. 2005/09/01
    Mark Hasenbein

    Mark Hasenbein Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    43
    Likes Received:
    0
    Welshjim, "gcasServ.exe" is correct.
    Startup inspector identifies it as an "RBOT" not to be confused with Microsoft anti spy of the same name. Deleted the entry in my startup and my anti spy ware would not load and said to uninstall and download it again. GcasServ.exe was back in startup and Microsoft anti spy is working.
    I am posting my Hijackthis log to see if anyone knows about "gcasServ.exe ".
    Mark
     
  11. 2005/09/01
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Mark
    The path for a legitimate version of gcasServ.exe is C:\Program Files\Microsoft AntiSpyware\gcasServ.exe. Do you have another 'copy' in another location?
     
  12. 2005/09/01
    Mark Hasenbein

    Mark Hasenbein Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    43
    Likes Received:
    0
    Yes found "gcasDtServ.exe "
     
  13. 2005/09/01
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    Mark Hasenbein-- gcasDtServ.exe is a different file from gcasServ.exe. Both are legitimate MSAntiSpyware files.
    (gcas sevr.exe (or gcassevr.exe) is not.)
    Did you find gcasServ.exe in the directory mentioned by PeteC?
    I think Startup Inspector is giving you a false positive if the spelling is gcasServ.exe.
    Your other thread
    http://www.windowsbbs.com/showthread.php?t=47633
    does not show gcassevr.exe as running.
     
    Last edited: 2005/09/01
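
The name-and-location check the replies above walk through, as an added example that is not part of the original thread: it classifies a startup entry by comparing its file name and folder against the legitimate path PeteC gives. Assumptions: gcasDtServ.exe lives in the same folder as gcasServ.exe, the 0.8 similarity threshold is an arbitrary choice, and the sample entries are constructed.

```python
import ntpath
from difflib import SequenceMatcher

# Folder of the legitimate gcasServ.exe, as stated in the thread.
EXPECTED_DIR = r"C:\Program Files\Microsoft AntiSpyware"
# Names the thread calls legitimate. Assumption: both live in EXPECTED_DIR.
KNOWN_NAMES = ("gcasServ.exe", "gcasDtServ.exe")
LOOKALIKE_THRESHOLD = 0.8  # assumption: tune for your own allow list


def _squash(name):
    """Lower-case and drop spaces so 'gcas sevr.exe' compares as 'gcassevr.exe'."""
    return name.replace(" ", "").lower()


def classify(entry_path):
    """Return one of: expected, known-name-wrong-path, lookalike-name, unrelated."""
    path = ntpath.normpath(entry_path.strip().strip('"').strip())
    directory, name = ntpath.split(path)
    for known in KNOWN_NAMES:
        if name.lower() == known.lower():
            same_dir = ntpath.normcase(directory) == ntpath.normcase(EXPECTED_DIR)
            return "expected" if same_dir else "known-name-wrong-path"
    # Not an exact name: measure how close it is to a known one.
    best = max(SequenceMatcher(None, _squash(name), _squash(k)).ratio()
               for k in KNOWN_NAMES)
    return "lookalike-name" if best >= LOOKALIKE_THRESHOLD else "unrelated"


def audit(entries):
    """Map each startup entry to its classification."""
    return {e: classify(e) for e in entries}


# Constructed startup entries, not taken from any real log.
SAMPLE_ENTRIES = [
    r'"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"',
    r"C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe",
    r"C:\WINDOWS\system32\gcasServ.exe",
    r"C:\Program Files\Microsoft AntiSpyware\gcas sevr.exe",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for entry, verdict in audit(SAMPLE_ENTRIES).items():
        print(f"{verdict:24} {entry}")
```

A result of "expected" only means the name and folder match; it says nothing about the file's contents.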
