I have an infection from something called Backdoor.Prosti.C. I can find nothing about it on the net, other than its name listed in some virus lists. Actually, Avast & most other software isn’t detecting it – 4 of 10 scanners at http://virusscan.jotti.dhs.org/ detect it, and they mention it’s packed with “PE_PATCH” & “TELOCK.” It’s definitely not a false positive; I noticed the symptoms immediately* but it was hard to find some software to back up my suspicions (got it from running some software I got from a P2P program – my dumb, but I haven’t had a virus since 1992).
Anyway, the infected file is rundll32.exe. It appears there’s no way to disinfect other than deletion. But obviously I need rundll32.exe. So my question is, is there any way to get a clean copy, other than a full reinstall?
I’m running Windows XP Home / SP2 & all current security patches, Avast w/ latest updates. Of course I can give any other info that would help. Thanks.

* Symptoms include loss of Windows functionality – for example, I can’t run any Control Panel items or open certain file types. Also, rundll32.exe now stays in memory and periodically tries to send information to 68.82.100.172:8888 (DDI-TCP-1 - NewsEDGE server TCP (TCP 1)). Binary dump of the packet:
    0000: 00 40 05 BF F6 9F 00 0D : 9D 5D 39 51 08 00 45 00 | .@…]9Q…E.
    0010: 00 30 33 E1 40 00 40 06 : 9C DA C0 A8 00 66 44 52 | .03.@.@…fDR
    0020: 64 AC 04 08 22 B8 11 60 : 38 58 00 00 00 00 70 02 | d…"…`8X…p.
    0030: 62 70 46 2A 00 00 02 04 : 05 B4 01 01 04 02 73 34 | bpF*…s4
    0040: 78 2F 6A 6F 6C 6C 79 72 : 6F 67 65 72 | x/jollyroger

This caught my eye because I know that Avast uses a file called jollyroger.vpu

Click on the link in my signature, visit the malware removal section and do as explained there.

BTW, if you look at the virus database it will show you that Avast is detecting 5 variants of it.