Virus - backdoor.prorat|?

['puter fixer]

I am trying to remove A? virus from a friend's computer. Norton Antivirus
indicates the following:
Object Name: C:\Windows\System32\wininv.dll
Virus Name: Backdoor.Prorat
Action Taken: Unable to repair this file.

Running WinXP
System restore off
Can access internet

security.symantec.com says 2 files
wininv.dll
winkey.dll

Can't delete files in safe mode
Can delete files in safe mode command line
Change registry keys as requested
Files return

Norton will not perform a liveupdate
Windows update won't run
Can't install AVG Antivirus
Can't run FPROT
Can't update Adaware
Can't update Spybot Search and Destroy

Please help....

 

[The Prophecy]

First, Block internet access either by doing so in your firewall or by
pulling the network cable out. Second, In NAV, tell it to scan your entire
system. Once the system has been scanned and cleaned, check to see if the
registry keys for the virus is still there. For the list of keys it creates
go here:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html

Look at number 2 under the Technical Details heading.

 

['puter fixer]

Cable is unplugged.
Restore is disabled.
Cannot open Norton Antivirus/System Works even in safe mode (cannot even
right click on C drive and select scan using Norton ... nothing happens)
Uninstalled and reinstalled. still Doesn't work except error message
Object Name: C:\Windows\System32\wininv.dll
Virus Name: Backdoor.Prorat
Action Taken: Unable to repair this file.
which when starts ... can't stop.

Deleted files and registry items. Even shows back up in "Safe Mode"

Cannot run FProt
Cannot install other antivirus software (ie AVG)
Installed Zone Alarm - it shut down
Cannot do windows updates
Cannot update Adaware or Spybot (did get downloads separately and installed
and ran but still problems)

Any other suggestions?

 

[sunshine]

I am trying to remove A? virus from a friend's computer. Norton Antivirus
indicates the following:
Object Name: C:\Windows\System32\wininv.dll
Virus Name: Backdoor.Prorat
Action Taken: Unable to repair this file.

Running WinXP
System restore off
Can access internet

security.symantec.com says 2 files
wininv.dll
winkey.dll

Can't delete files in safe mode
Can delete files in safe mode command line
Change registry keys as requested
Files return

This is because your computer is hacked into and the malicious hackers
control your computer.
You have to secure your Windows Platform, e-mail and web browser
applications and then install a firewall before putting your computer
on the Internet or you will never be safe from hackers who use your
computers to trade/sell guns, bo*bs, prosititues, drugs and so on. So
when the FBI comes knocking on your door for being a criminal then
don't cry to me.

Tracker
snailmail(valid)[email protected]

 

['puter fixer]

It isn't my computer. I fix computers for the low to middle class "families"
for a very nominal fee.

I'm trying to do just that. I have never encountered a
"virus/trojan/backdoor/worm" that I couldn't clean. I am here asking for
help on how to fix this one.

After making sure a computer is "clean", I install AVG and ZoneAlarm and put
a clean up folder on the desktop with full instructions on how to keep a
computer safe.

I would appreciate help with "how to clean" the machine........

 

[Dale Simmons]

It isn't my computer. I fix computers for the low to middle class "families"
for a very nominal fee.

I'm trying to do just that. I have never encountered a
"virus/trojan/backdoor/worm" that I couldn't clean. I am here asking for
help on how to fix this one.

After making sure a computer is "clean", I install AVG and ZoneAlarm and put
a clean up folder on the desktop with full instructions on how to keep a
computer safe.

I would appreciate help with "how to clean" the machine........

Well.... don't take the hysterically-moronic advise of tweaker-babe,
tracker.... That will save you some time

 

[kurt wismer]

Cable is unplugged.
Restore is disabled.
Cannot open Norton Antivirus/System Works even in safe mode (cannot even
right click on C drive and select scan using Norton ... nothing happens)
Uninstalled and reinstalled. still Doesn't work except error message
Object Name: C:\Windows\System32\wininv.dll
Virus Name: Backdoor.Prorat
Action Taken: Unable to repair this file.
which when starts ... can't stop.

Deleted files and registry items. Even shows back up in "Safe Mode"

Cannot run FProt
Cannot install other antivirus software (ie AVG)
Installed Zone Alarm - it shut down
Cannot do windows updates
Cannot update Adaware or Spybot (did get downloads separately and installed
and ran but still problems)

Any other suggestions?

wininv.dll is being run/hosted by some other process (dlls can't
generally run by themselves)... try getting process explorer from
http://www.sysinternals.com and click on view dlls and then do a search
for that dll to see which process is using it...

 

[Tom R]

I am trying to remove A? virus from a friend's computer. Norton Antivirus
indicates the following:
Object Name: C:\Windows\System32\wininv.dll
Virus Name: Backdoor.Prorat
Action Taken: Unable to repair this file.

Running WinXP
System restore off
Can access internet

security.symantec.com says 2 files
wininv.dll
winkey.dll

Can't delete files in safe mode
Can delete files in safe mode command line
Change registry keys as requested
Files return

Norton will not perform a liveupdate
Windows update won't run
Can't install AVG Antivirus
Can't run FPROT
Can't update Adaware
Can't update Spybot Search and Destroy

Please help....

I would run at least one of these
free online virus scan programs,

RAV
http://www.ravantivirus.com/scan/

Panda:
http://www.pandasoftware.com/activescan/

BitDefender
http://www.bitdefender.com/scan/license.php

HTH,
Tom

 

['puter fixer]

Answer found and worked ....................

http://www.mcse.ms/archive177-2004-4-497067.html

 

[Jason Wade]

It isn't my computer. I fix computers for the low to middle class "families"
for a very nominal fee.

I'm trying to do just that. I have never encountered a
"virus/trojan/backdoor/worm" that I couldn't clean. I am here asking for
help on how to fix this one.

After making sure a computer is "clean", I install AVG and ZoneAlarm and put
a clean up folder on the desktop with full instructions on how to keep a
computer safe.

I would appreciate help with "how to clean" the machine........

Google search: description of prorat trojan

http://www.sophos.com/virusinfo/analyses/trojproratd.html
http://www.sarc.com/avcenter/venc/data/backdoor.prorat.html

I think that prorat is one of the almost-impossible-to-remove
+punishment-for-removal-attempts trojans.

I would backup and reinstall myself.

 

[Romper]

was said before :

I am trying to remove A? virus from a friend's computer. Norton Antivirus
indicates the following:
Object Name: C:\Windows\System32\wininv.dll
Virus Name: Backdoor.Prorat
Action Taken: Unable to repair this file.

Running WinXP
System restore off
Can access internet

security.symantec.com says 2 files
wininv.dll
winkey.dll

Can't delete files in safe mode
Can delete files in safe mode command line
Change registry keys as requested
Files return

Norton will not perform a liveupdate
Windows update won't run
Can't install AVG Antivirus
Can't run FPROT
Can't update Adaware
Can't update Spybot Search and Destroy

Please help....

Unplug the cable and use a boot disk, if that doesnt work put the
harddrive into another computer, a friends etc set it up as a slave
and then delete the files from there hope that helps


Outa here.... got a muppet to save

 

[d_dave]

I am trying to remove A? virus from a friend's computer. Norton Antivirus
indicates the following:
Object Name: C:\Windows\System32\wininv.dll
Virus Name: Backdoor.Prorat
Action Taken: Unable to repair this file.

Running WinXP
System restore off
Can access internet

security.symantec.com says 2 files
wininv.dll
winkey.dll

Can't delete files in safe mode
Can delete files in safe mode command line
Change registry keys as requested
Files return

Norton will not perform a liveupdate
Windows update won't run
Can't install AVG Antivirus
Can't run FPROT
Can't update Adaware
Can't update Spybot Search and Destroy

Please help....

you need to download ProRat server and use that to dis-infect your
machine.

 

[Gabriele Neukam]

On that special day, , ([email protected]) said...

you need to download ProRat server and use that to dis-infect your
machine.

Err, you meant to say "client", didn't you? The server is usually
*planted* on hijacked machines.


Gabriele Neukam

(e-mail address removed)