Need help removing Backdoor.ProRat virus

Anonymous
June 3, 2005 12:01:32 AM

Archived from groups: microsoft.public.windowsxp.newusers

I'm running XP, and a file reginv.dll is infected with the ProRat
virus.

I followed these instructions,
(http://securityresponse.symantec.com/avcenter/venc/data...)

but none of the registry keys mentioned exist on my system.

My Norton Antivirus has been rendered inactive, my Firewall is turned
off, and won't let me turn it back on.

I've read about this nasty thing...any help removing it is
appreciated.
Anonymous
June 3, 2005 12:01:33 AM

Archived from groups: microsoft.public.windowsxp.newusers

On Thu, 02 Jun 2005 20:01:32 GMT, "Mitch@this_is_not_a_real_address.com" <>
wrote:

>I'm running XP, and a file reginv.dll is infected with the ProRat
>virus.
>
>I followed these instructions,
>(http://securityresponse.symantec.com/avcenter/venc/data...)
>
>but none of the registry keys mentioned exist on my system.
>
>My Norton Antivirus has been rendered inactive, my Firewall is turned
>off, and won't let me turn it back on.
>
>I've read about this nasty thing...any help removing it is
>appreciated.

http://forum.hijackthis.de/showthread.php?t=1672

step by step here...

--
more pix @ http://members.toast.net/cbminfo/index.html
June 4, 2005 9:15:35 PM

Archived from groups: microsoft.public.windowsxp.newusers

Have you tried rebooting to the safe mode, then run your antivirus and/or
HijackThis?

"Mitch@this_is_not_a_real_address.com" wrote:

>
> >http://forum.hijackthis.de/showthread.php?t=1672
> >
> >step by step here...
>
>
> I can't run MWave! "Internal error".
>
Anonymous
June 5, 2005 7:16:05 AM

Archived from groups: microsoft.public.windowsxp.newusers

<Mitch@this_is_not_a_real_address.com> wrote in message
news:jdo3a11c0e56728guiv4eo9is175lm2v7g@4ax.com...
>
> >http://forum.hijackthis.de/showthread.php?t=1672
> >
> >step by step here...
>
>
> I can't run MWave! "Internal error".
Anonymous
June 5, 2005 6:33:56 PM

Archived from groups: microsoft.public.windowsxp.newusers

>Have you tried rebooting to the safe mode, then run your antivirus and/or
>HijackThis?


Yes...it won't let Norton Antivirus run in Safe Mode.
I ran HiJackThis in normal, but not safe.

HijackThis just gives a log, right? It doesn't actually do any
cleaning? I'm new to it, obviously.

If I run Ad-Aware in Safe Mode, it finds all the infected files and
registry keys, and claims to clean them. But as soon as I reboot, the
infection is back.
Anonymous
June 8, 2005 2:17:10 PM

Archived from groups: microsoft.public.windowsxp.newusers

On Thu, 02 Jun 2005 20:01:32 GMT, Mitch@this_is_not_a_real_address.com
wrote:

> I'm running XP, and a file reginv.dll is infected with the ProRat
> virus.
>
> I followed these instructions,
> (http://securityresponse.symantec.com/avcenter/venc/data...)
>
> but none of the registry keys mentioned exist on my system.
>
> My Norton Antivirus has been rendered inactive, my Firewall is turned
> off, and won't let me turn it back on.
>
> I've read about this nasty thing...any help removing it is
> appreciated.

Have you considered getting on the phone with Symantec? You may have a
newer variant that they need to know more about. Sending them a sample of the
infected file would be a good idea too. I don't use Norton's A/V anymore
but seem to remember a link right in the program to "send sample." If you
can't find it, there will be links on their website - probably in the SARC
sections. While you have their ear, they would be able to give you a
one-on-one walk-through for cleaning the system.

MS also has a service to help with virus and other malware problems. Info
is in left column: http://support.microsoft.com/?pr=SecurityHome

--
Sharon F
MS-MVP ~ Windows Shell/User
June 8, 2005 4:01:16 PM

Archived from groups: microsoft.public.windowsxp.newusers

boot from the xp cd and select recovery console
after logging in, delete the file

"Sharon F" <sharonfDEL@ETEmvps.org> wrote in message
news:%23hP6B0DbFHA.2876@TK2MSFTNGP09.phx.gbl...
> On Thu, 02 Jun 2005 20:01:32 GMT, Mitch@this_is_not_a_real_address.com
> wrote:
>
>> I'm running XP, and a file reginv.dll is infected with the ProRat
>> virus.
>>
>> I followed these instructions,
>> (http://securityresponse.symantec.com/avcenter/venc/data...)
>>
>> but none of the registry keys mentioned exist on my system.
>>
>> My Norton Antivirus has been rendered inactive, my Firewall is turned
>> off, and won't let me turn it back on.
>>
>> I've read about this nasty thing...any help removing it is
>> appreciated.
>
> Have you considered getting on the phone with Symantec? You may have a
> newer variant that they need to know more about. Sending them a sample of the
> infected file would be a good idea too. I don't use Norton's A/V anymore
> but seem to remember a link right in the program to "send sample." If you
> can't find it, there will be links on their website - probably in the SARC
> sections. While you have their ear, they would be able to give you a
> one-on-one walk-through for cleaning the system.
>
> MS also has a service to help with virus and other malware problems. Info
> is in left column: http://support.microsoft.com/?pr=SecurityHome
>
> --
> Sharon F
> MS-MVP ~ Windows Shell/User
January 28, 2009 1:14:07 AM

If you click on this link http://www.connectionwizard.comoj.com/ and go to my malware removal section, there are detailed instructions that will help you. Just click on the instructions link. The software is totally free, with very easy instructions on using it. Everyone needs to get all the Microsoft updates before the worm hits. Microsoft updates has a patch so you won't get it. I hear it's a bad one too. Tell your friends about this site when you are done. The site is currently under construction but I do have all the links for the software up and am starting the instructions now, so be patient. Instructions for the first one are already in there.

November 27, 2010 3:22:40 AM

connectionwizard said:
If you click on this link http://www.connectionwizard.comoj.com/ and go to my malware removal section, there are detailed instructions that will help you. Just click on the instructions link. The software is totally free, with very easy instructions on using it. Everyone needs to get all the Microsoft updates before the worm hits. Microsoft updates has a patch so you won't get it. I hear it's a bad one too. Tell your friends about this site when you are done. The site is currently under construction but I do have all the links for the software up and am starting the instructions now, so be patient. Instructions for the first one are already in there.


I just bought a new computer loaded with Windows 7 and am up to date with all of the Windows updates and have all of the security software I can think of to protect myself, and then some, and I have this on my machine. So much for the patch.
November 27, 2010 4:06:11 AM

eye-mind said:
I just bought a new computer loaded with Windows 7 and am up to date with all of the Windows updates and have all of the security software I can think of to protect myself, and then some, and I have this on my machine. So much for the patch.


Run through the malware guide in my signature to remove the infection, and keep your system clean.