F-Secure Anti-Virus .. Problem

Problems? Post here...
Post Reply
Ameradi
On the way to fame!
On the way to fame!
Posts: 46
Joined: 20 May 2005, 16:00
15
Location: Germany
Contact:

F-Secure Anti-Virus .. Problem

Post by Ameradi »

Malicious code found in file C:\WINDOWS\SYSTEM32\WININV.DLL.
Infection : Backdoor.Win32.prorat.16
Action : The File was deleted .....

this the message that i always become when open my Box , I'm using Windows XP Home Edition ..when i start my computer i can't do anything becouse the computer is too SLOW and takes a long long long time to get ready to be in Use and sometimes it doesn't work and can't even click on somthing on the desktop to use ....

Description of my Notebook :

Display size : 15.0 "
type : TFT colour display
internal resolution : 1024 x 768
dot pitch (HxV) : 0.279 x 0.279 mm
typical contrast ratio : 250:1
response rise/fall : 11/24 ms
Expansion 2 x memory slots (0 to configure)
type : 1 x PC Card Type II


Hard disk capacity : 60 GB
certification : S.M.A.R.T.
height : 9.5 mm
drive rotation : 4,200 rpm
number of disks : 2
number of heads : 4
bytes per sector : 512
interface : Enhanced IDE (ATA-5)
buffer size : 2 MB
desktop or notebook? : notebook

System memory standard : 512 MB
maximum expandability : 2048 MB
data bus width : 64 bit
technology : DDR RAM
expansion module sizes : 128, 256, 512, 1024 MB

Processor manufacturer : Intel®
type : Mobile Intel® Pentium® 4 processor
clock speed : 3.06 GHz
1st level cache : 12 KB
2nd level cache : 512 KB
core voltage (AC) : 1.475/1.50/1.525 V
core voltage (Battery mode) : 1.2 V
co-processor : integrated in processor
system bus : 533 MHz

Graphics adapter manufacturer : Intel®
type : Intel® 852GM
memory amount : up to 64 MB
memory type : DDR RAM (UMA)
bus clock speed : 166 MHz
open GL support : Yes
direct 3D support : Yes
motion compensation : Yes
integrated TV encoder : Yes
multiple display support : Yes

Sound system manufacturer : Analog Devices
supported audio format : 16-bit stereo
speakers : built-in stereo speakers
type : AD1981
maximum sampling rate : 48 kHz
full duplex support : Yes
direct sound : Yes
direct 3D sound : Yes
volume dial : Yes

Operating system Windows® XP Home Edition

DVD-R/RW drive Multiword DMA burst data transfer rate : 16.6 (mode 2) MB/s
Ultra DMA burst data transfer rate : 33.3 (mode 2) MB/s
buffer size : 2 MB
compatibility : CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-R, DVD-RW
interface : EIDE (ATA-2)
manufacturer : Toshiba
maximum speed : 24-speed CD-ROM, 16 speed CD-R, 10-speed CD-RW, 8-speed DVD-ROM, 4-speed DVD-R, 4-speed DVD-RW (read), 16-speed CD-R, 10-speed CD-RW, 1-speed DVD-R, 1-speed DVD-RW (write)
type : DVD-R/RW drive
weight : 200 g
.....................................................................................................


Waiting for reply for my Problem !

User avatar
Nerdz
The Architect
The Architect
Posts: 1127
Joined: 15 Jun 2005, 16:00
15
Location: #db_error in: select usr.location from sucko_member where usr.id=63;
Contact:

Post by Nerdz »

This is not a hardware issue... Well, I'm 95% sure. Can you boot in safe mode and select your startup program?

Can you please use hijackthis and post the logs so we can find malware all together:)
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.

Ameradi
On the way to fame!
On the way to fame!
Posts: 46
Joined: 20 May 2005, 16:00
15
Location: Germany
Contact:

Post by Ameradi »

Can you explain what you mean in steps ... I mean what should i do at First .... ! Sorry for the blockheaded Question !

PLeXroD
Fame ! Where are the chicks?!
Fame ! Where are the chicks?!
Posts: 146
Joined: 25 Oct 2005, 16:00
15
Location: Denmark
Contact:

Post by PLeXroD »

what he means is that:

1: boot up in safe mode
2: download hi-jackthis from here:
http://majorgeeks.com/downloadget.php?i ... e6434cfc13
3: post the log that you get out of the hi-jack this
4: at last we find the malware and delete it...
-Never try to be uncommon, instead of that only realize it's you that is common...-

-In grater common sence Linux is better than MS Windows-

-Never try to hack platform, instead of that, only make security and teach other to do that to-

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11532
Joined: 06 Apr 2005, 16:00
15
Location: The zone.
Contact:

Post by bad_brain »

um, boot into safe mode, and then delete these files:

/service.exe
/system/services.exe
/sytem32/fservice.exe,wininv.dll,winkey.dll

the delete the "fservice.exe"-entries in following registry paths:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]


but the problem is that it´s impossible to tell if/how often/in which way the backdoor on your system was used, so maybe there´s a lot of other malware on it too now. you can post the hijackthis log and we´ll take a look at it, but mate, prepare for a new XP install... :?

Ameradi
On the way to fame!
On the way to fame!
Posts: 46
Joined: 20 May 2005, 16:00
15
Location: Germany
Contact:

Post by Ameradi »

DJSUNRISE , Guys .. i've done the first and the second step and i have downloaded the Hi-jackthis for the website to a CD ... but I'm still facing a problem by running the CD in the Notebook , Coz i can't even get rid of that Wait-remark of the mouse and sometimes i can't move the mouse !

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11532
Joined: 06 Apr 2005, 16:00
15
Location: The zone.
Contact:

Post by bad_brain »

uh-oh....sounds like a worm/virus is occupying a lot of your memory... :?

phew,mate....the only advice I can give you is to remove the HDD of the laptop, connect it to a clean system and run a virus-scan immedeately.
this will give you the opportunity to at least rescue some important data, but even if the system will be cleaned it most likely will be heavily damaged (depends on what file types are infected, but it´s mostly the exe-ones) so that you´ll have to format the drive and install a new system....

check the PM I´ve sent you... :wink:

Post Reply