I have an infection from something called Backdoor.Prosti.C. I can find nothing about it on the net, other than its name listed in some virus lists. Actually, Avast & most other software isn’t detecting it – 4 of 10 scanners at http://virusscan.jotti.dhs.org/ detect it, and they mention it’s packed with “PE_PATCH” & “TELOCK.” It’s definitely not a false positive; I noticed the symptoms immediately* but it was hard to find some software to back up my suspicions (got it from running some software I got from a P2P program – my dumb, but I haven’t had a virus since 1992).
Anyway, the infected file is rundll32.exe. It appears there’s no way to disinfect other than deletion. But obviously I need rundll32.exe. So my question is, is there any way to get a clean copy, other than a full reinstall?
I’m running Windows XP Home / SP2 & all current security patches, Avast w/ latest updates. Of course I can give any other info that would help. Thanks.
* Symptoms include loss of Windows functionality – for example, I can’t run any Control Panel items or open certain file types. Also, rundll32.exe now stays in memory and periodically tries to send information to 68.82.100.172:8888 (DDI-TCP-1 - NewsEDGE server TCP (TCP 1)). Binary dump of the packet:
0000: 00 40 05 BF F6 9F 00 0D : 9D 5D 39 51 08 00 45 00 | .@…]9Q…E.
0010: 00 30 33 E1 40 00 40 06 : 9C DA C0 A8 00 66 44 52 | .03.@.@…fDR
0020: 64 AC 04 08 22 B8 11 60 : 38 58 00 00 00 00 70 02 | d…"…`8X…p.
0030: 62 70 46 2A 00 00 02 04 : 05 B4 01 01 04 02 73 34 | bpF*…s4
0040: 78 2F 6A 6F 6C 6C 79 72 : 6F 67 65 72 | x/jollyroger
This caught my eye because I know that Avast uses a file called jollyroger.vpu
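Decoding the dump above, as an added example that is not part of the original post: it parses the Ethernet II, IPv4 and TCP headers from the quoted hex bytes and separates the TCP payload from any bytes captured past the IP total length. The function and field names are chosen for this example.

```python
import socket
import struct

# Hex columns of the dump quoted in the post (offsets and ASCII column dropped).
DUMP_HEX = """
00 40 05 BF F6 9F 00 0D 9D 5D 39 51 08 00 45 00
00 30 33 E1 40 00 40 06 9C DA C0 A8 00 66 44 52
64 AC 04 08 22 B8 11 60 38 58 00 00 00 00 70 02
62 70 46 2A 00 00 02 04 05 B4 01 01 04 02 73 34
78 2F 6A 6F 6C 6C 79 72 6F 67 65 72
"""
FRAME = bytes.fromhex("".join(DUMP_HEX.split()))
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet II / IPv4 / TCP; separate TCP payload from frame trailer."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]   # length of the whole IP datagram
    if ip[0] >> 4 != 4 or ip[9] != 6 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("not a well-formed IPv4/TCP packet")
    # IPv4 header checksum: the one's-complement sum must fold to 0xFFFF.
    csum = sum(struct.unpack(f"!{ihl // 2}H", ip[:ihl]))
    while csum >> 16:
        csum = (csum & 0xFFFF) + (csum >> 16)
    tcp = ip[ihl:total_len]
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4              # TCP header length incl. options
    if not 20 <= data_off <= len(tcp):
        raise ValueError("bad TCP data offset")
    return {
        "src": f"{socket.inet_ntoa(ip[12:16])}:{sport}",
        "dst": f"{socket.inet_ntoa(ip[16:20])}:{dport}",
        "ip_checksum_ok": csum == 0xFFFF,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
        "payload": tcp[data_off:],     # bytes the sender put in the TCP segment
        "trailer": ip[total_len:],     # captured bytes beyond the IP datagram
    }


if __name__ == "__main__":
    for key, value in parse_frame(FRAME).items():
        print(f"{key:15} {value}")
```

On these bytes the packet decodes as a bare SYN from 192.168.0.102:1032 to 68.82.100.172:8888 with a valid IP header checksum and an empty TCP payload. The `s4x/jollyroger` string sits after the 48-byte IP datagram, so it is trailing capture data rather than content carried in the TCP segment.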