Malicious code found in file C:\WINDOWS\SYSTEM32\WININV.DLL.
Infection : Backdoor.Win32.prorat.16
Action : The File was deleted .....
this the message that i always become when open my Box , I'm using Windows XP Home Edition ..when i start my computer i can't do anything becouse the computer is too SLOW and takes a long long long time to get ready to be in Use and sometimes it doesn't work and can't even click on somthing on the desktop to use ....
Description of my Notebook :
Display size : 15.0 "
type : TFT colour display
internal resolution : 1024 x 768
dot pitch (HxV) : 0.279 x 0.279 mm
typical contrast ratio : 250:1
response rise/fall : 11/24 ms
Expansion 2 x memory slots (0 to configure)
type : 1 x PC Card Type II
Hard disk capacity : 60 GB
certification : S.M.A.R.T.
height : 9.5 mm
drive rotation : 4,200 rpm
number of disks : 2
number of heads : 4
bytes per sector : 512
interface : Enhanced IDE (ATA-5)
buffer size : 2 MB
desktop or notebook? : notebook
System memory standard : 512 MB
maximum expandability : 2048 MB
data bus width : 64 bit
technology : DDR RAM
expansion module sizes : 128, 256, 512, 1024 MB
Processor manufacturer : Intel®
type : Mobile Intel® Pentium® 4 processor
clock speed : 3.06 GHz
1st level cache : 12 KB
2nd level cache : 512 KB
core voltage (AC) : 1.475/1.50/1.525 V
core voltage (Battery mode) : 1.2 V
co-processor : integrated in processor
system bus : 533 MHz
Graphics adapter manufacturer : Intel®
type : Intel® 852GM
memory amount : up to 64 MB
memory type : DDR RAM (UMA)
bus clock speed : 166 MHz
open GL support : Yes
direct 3D support : Yes
motion compensation : Yes
integrated TV encoder : Yes
multiple display support : Yes
Sound system manufacturer : Analog Devices
supported audio format : 16-bit stereo
speakers : built-in stereo speakers
type : AD1981
maximum sampling rate : 48 kHz
full duplex support : Yes
direct sound : Yes
direct 3D sound : Yes
volume dial : Yes
Operating system Windows® XP Home Edition
DVD-R/RW drive Multiword DMA burst data transfer rate : 16.6 (mode 2) MB/s
Ultra DMA burst data transfer rate : 33.3 (mode 2) MB/s
buffer size : 2 MB
compatibility : CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-R, DVD-RW
interface : EIDE (ATA-2)
manufacturer : Toshiba
maximum speed : 24-speed CD-ROM, 16 speed CD-R, 10-speed CD-RW, 8-speed DVD-ROM, 4-speed DVD-R, 4-speed DVD-RW (read), 16-speed CD-R, 10-speed CD-RW, 1-speed DVD-R, 1-speed DVD-RW (write)
type : DVD-R/RW drive
weight : 200 g
.....................................................................................................
Waiting for reply for my Problem !
F-Secure Anti-Virus .. Problem
-
PLeXroD
- Fame ! Where are the chicks?!
- Posts: 146
- Joined: 25 Oct 2005, 16:00
- 18
- Location: Denmark
- Contact:
what he means is that:
1: boot up in safe mode
2: download hi-jackthis from here:
http://majorgeeks.com/downloadget.php?i ... e6434cfc13
3: post the log that you get out of the hi-jack this
4: at last we find the malware and delete it...
1: boot up in safe mode
2: download hi-jackthis from here:
http://majorgeeks.com/downloadget.php?i ... e6434cfc13
3: post the log that you get out of the hi-jack this
4: at last we find the malware and delete it...
-Never try to be uncommon, instead of that only realize it's you that is common...-
-In grater common sence Linux is better than MS Windows-
-Never try to hack platform, instead of that, only make security and teach other to do that to-
-In grater common sence Linux is better than MS Windows-
-Never try to hack platform, instead of that, only make security and teach other to do that to-
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
um, boot into safe mode, and then delete these files:
/service.exe
/system/services.exe
/sytem32/fservice.exe,wininv.dll,winkey.dll
the delete the "fservice.exe"-entries in following registry paths:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]
but the problem is that it´s impossible to tell if/how often/in which way the backdoor on your system was used, so maybe there´s a lot of other malware on it too now. you can post the hijackthis log and we´ll take a look at it, but mate, prepare for a new XP install...
/service.exe
/system/services.exe
/sytem32/fservice.exe,wininv.dll,winkey.dll
the delete the "fservice.exe"-entries in following registry paths:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]
but the problem is that it´s impossible to tell if/how often/in which way the backdoor on your system was used, so maybe there´s a lot of other malware on it too now. you can post the hijackthis log and we´ll take a look at it, but mate, prepare for a new XP install...
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
uh-oh....sounds like a worm/virus is occupying a lot of your memory...
phew,mate....the only advice I can give you is to remove the HDD of the laptop, connect it to a clean system and run a virus-scan immedeately.
this will give you the opportunity to at least rescue some important data, but even if the system will be cleaned it most likely will be heavily damaged (depends on what file types are infected, but it´s mostly the exe-ones) so that you´ll have to format the drive and install a new system....
check the PM I´ve sent you...
phew,mate....the only advice I can give you is to remove the HDD of the laptop, connect it to a clean system and run a virus-scan immedeately.
this will give you the opportunity to at least rescue some important data, but even if the system will be cleaned it most likely will be heavily damaged (depends on what file types are infected, but it´s mostly the exe-ones) so that you´ll have to format the drive and install a new system....
check the PM I´ve sent you...