Virus and Registry help
It is a new version of the backdoor.prorat. I believe it is backdoor.proratD. Norton's instructions to remove it do not work, as they are predicated upon being able to delete the files using their software, which is disabled.

-----Original Message-----
-----Original Message-----

I have this virus which shuts down Norton antivirus and firewall. I have 6 corrupted files: windows\winlogon.exe, windows\system\service.exe, windows\system32\fservice.exe, wincom.exe, wininv.dll and winkey.dll. I cannot delete the .dll files, even in safe mode, as I am denied access. I am told that the virus exists in the winkey.dll file. I can delete the fservice and sservice, but they are regenerated immediately (not so under safe mode, but once I reboot normally they are there again).

Registry changes noted by Norton and Sophos I have found and deleted, but they too are immediately replaced upon exiting the registry, again even under safe mode. I have noted no infestation (or odd changes) of the win.ini or system.ini files. In the registry I notice that the HK Root\htafile\shell\open\command is modified with a mshta.exe file, as is the HKLM\software\classes\htafile\shell\open\command key, and I have read that these are 2 common places for virus startup.

My questions are (and excuse the small list): How do I delete the .dll files? What is the mshta.exe file that exists in the WIN system 32 file, and would deleting its reference from the registry hurt? How can this virus monitor reg changes and fix them immediately, even in safe mode, and can I overcome this? I have Windows XP Pro with all updates. I appreciate anyone's assistance on this, as Norton to date has not been any help.

And the name of the virus is?