Need help removing Backdoor.ProRat virus



Mitch@this_is_not_a_real_address.com
07-10-2005, 02:46 AM
I'm running XP, and a file reginv.dll is infected with the ProRat
virus.

I followed these instructions,
(http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html)

but none of the registry keys mentioned exist on my system.

My Norton Antivirus has been rendered inactive, my Firewall is turned
off, and won't let me turn it back on.

I've read about this nasty thing...any help removing it is
appreciated.

Husky
07-10-2005, 02:46 AM
On Thu, 02 Jun 2005 20:01:32 GMT, "Mitch@this_is_not_a_real_address.com" <>
wrote:

>I'm running XP, and a file reginv.dll is infected with the ProRat
>virus.
>
>I followed these instructions,
>(http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html)
>
>but none of the registry keys mentioned exist on my system.
>
>My Norton Antivirus has been rendered inactive, my Firewall is turned
>off, and won't let me turn it back on.
>
>I've read about this nasty thing...any help removing it is
>appreciated.
http://forum.hijackthis.de/showthread.php?t=1672

step by step here...

--
more pix @ http://members.toast.net/cbminfo/index.html

Mitch@this_is_not_a_real_address.com
07-10-2005, 02:46 AM
>http://forum.hijackthis.de/showthread.php?t=1672
>
>step by step here...


I can't run MWave! "Internal error".

Jay
07-10-2005, 02:46 AM
Have you tried rebooting to the safe mode, then running your antivirus and/or
HijackThis?

"Mitch@this_is_not_a_real_address.com" wrote:

>
> >http://forum.hijackthis.de/showthread.php?t=1672
> >
> >step by step here...
>
>
> I can't run MWave! "Internal error".
>

07-10-2005, 02:46 AM
<Mitch@this_is_not_a_real_address.com> wrote in message
news:jdo3a11c0e56728guiv4eo9is175lm2v7g@4ax.com...
>
> >http://forum.hijackthis.de/showthread.php?t=1672
> >
> >step by step here...
>
>
> I can't run MWave! "Internal error".

Mitch@this_is_not_a_real_address.com
07-10-2005, 02:46 AM
>Have you tried rebooting to the safe mode, then running your antivirus and/or
>HijackThis?


Yes...it won't let Norton Antivirus run in Safe Mode.
I ran HiJackThis in normal, but not safe.

Hijack this just gives a log, right? It doesn't actually do any
cleaning? I'm new to it, obviously.

If I run Ad-Aware in Safe Mode, it finds all the infected files and
registry keys, and claims to clean them. But as soon as I reboot, the
infection is back.

Sharon F
07-10-2005, 02:47 AM
On Thu, 02 Jun 2005 20:01:32 GMT, Mitch@this_is_not_a_real_address.com
wrote:

> I'm running XP, and a file reginv.dll is infected with the ProRat
> virus.
>
> I followed these instructions,
> (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html)
>
> but none of the registry keys mentioned exist on my system.
>
> My Norton Antivirus has been rendered inactive, my Firewall is turned
> off, and won't let me turn it back on.
>
> I've read about this nasty thing...any help removing it is
> appreciated.

Have you considered getting on the phone with Symantec? You may have a
newer variant that they need to know more about. Sending them a sample of the
infected file would be a good idea too. I don't use Norton's A/V anymore
but seem to remember a link right in the program to "send sample." If you
can't find it, there will be links on their website - probably in the SARC
sections. While you have their ear, they would be able to give you a
one-on-one walk-through for cleaning the system.

MS also has a service to help with virus and other malware problems. Info
is in left column : http://support.microsoft.com/?pr=SecurityHome

--
Sharon F
MS-MVP ~ Windows Shell/User

seth
07-10-2005, 02:47 AM
boot from the xp cd and select recovery console
after logging in, delete the file

"Sharon F" <sharonfDEL@ETEmvps.org> wrote in message
news:%23hP6B0DbFHA.2876@TK2MSFTNGP09.phx.gbl...
> On Thu, 02 Jun 2005 20:01:32 GMT, Mitch@this_is_not_a_real_address.com
> wrote:
>
>> I'm running XP, and a file reginv.dll is infected with the ProRat
>> virus.
>>
>> I followed these instructions,
>> (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html)
>>
>> but none of the registry keys mentioned exist on my system.
>>
>> My Norton Antivirus has been rendered inactive, my Firewall is turned
>> off, and won't let me turn it back on.
>>
>> I've read about this nasty thing...any help removing it is
>> appreciated.
>
> Have you considered getting on the phone with Symantec? You may have a
> newer variant that they need to know more about. Sending them a sample of the
> infected file would be a good idea too. I don't use Norton's A/V anymore
> but seem to remember a link right in the program to "send sample." If you
> can't find it, there will be links on their website - probably in the SARC
> sections. While you have their ear, they would be able to give you a
> one-on-one walk-through for cleaning the system.
>
> MS also has a service to help with virus and other malware problems. Info
> is in left column : http://support.microsoft.com/?pr=SecurityHome
>
> --
> Sharon F
> MS-MVP ~ Windows Shell/User

