Avast is detecting 4 trojan viruses in the memory check. As each one comes up, it recommends to move it to the chest. When I try doing that, I get the error Access denied!! and sometimes it also says RPC Server not available. I can not get rid of these viruses and I’m thinking that I might have had a corrupt download file when I downloaded Avast for the first time.
I’m thinking uninstall Avast, download and install another avast and try it again! Does that sound reasonable?
These viruses are really cramping my style and I wish I could get rid of them. Since I can’t move them to the chest, remaining options are move/rename them or delete them. Deleting them does nothing, as the exe file the viruses are in just starts up again. And the rename/move doesn’t do anything either as they are right back when I reboot. The exe files they are detected in are services.exe, fservices.exe, reginv.dll and winkey.dll. Does anyone have any input on this? I appreciate all responses and thank you in advance for providing anything you think might help. Thanks and have a great day! -Paul
???
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Files in use are often protected by windows.
What Operating System are you using ? is it up to date ?
If you have XP or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’
I think you should work with us and help us to help you deal with this, what is to say you won’t have the same problem with another AV.
Have (or did) you have another AV installed in this system, if so what was it and how did you get rid of it ?
It is unlikely that if they can’t be moved to the chest, for the same reasons they are likely to be protected against rename or delete and deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest (if you can, boot-time scan if not) and investigate.
Thanks so much for looking into this, I appreciate it.
My operating system is ME - I used to have XP SP2, but a crash and reformatting C drive, my computer would not let me load xp sp2 back on for nothing, ME was the only thing that worked.
The 1st Trojan Horse Found is:
File name: c:\windows.000\services.exe
Malware name: Win32-Prorat-BR [trj]
Malware type: Trojan Horse
The 2nd Trojan Horse Found is:
File name: c:\windows.000\system32\fservice.exe
Malware name: Win32-Prorat-BR [trj]
The 3rd is: c:\windows.000\reginv.dll
The 4th is c:\windows.000\winkey.dll
The avast logviewer error category lists:
Error in ASWChestC: chestOpenList Error 1722.
aswChestInterface - Program Error description: CChestListView::LoadFiles() ChestOpenList () Failed:1722.
Error in ASWChestC: chestOpenList Error 1722
aswChestInterface - Program Error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().
Error in ASWChestC: chestAddFile Error 1722.
My thoughts on the uninstall/reinstall would be to hopefully clear up the chest access problem.
You could try booting in secure Mode:
Delete the files
delete registery key in HKLM\Software\microsoft\windows\currentversion\run that is associated with the files c:\windows.000\services.exe and c:\windows.000\system32\fservice.exe.
I take it that Secure is “Safe” mode? and once in safe mode, can I use windows explorer to delete these files? Is there any special method to delete the registery keys?
I did not do a boot time scan being that I’m using ME and it was indicated to do that if I was running XP or win2K? Can ME be included too? And I’m hoping I provided to David the information that was requested. I was going to try deleting those files in safe mode after getting unlocker and seeing what I can find on google. Thanks again.
Yes you have provided enough information, al968 and Tech have basically suggested what I would have done.
Unfortunately Unlocker only works with win2k and XP at least that is what the site gives as a system requirement. Even the older versions give the same requirements.
Hey there David and Al968 and Tech Support. Al’s last post suggested Unlocker and check on Google for tools etc. I did find that unlocker wasn’t good with ME so I went to Google and did a search on fservices.
Well, it appears that this has happened to others, (I really thought these things only happened to me - was I wrong?) Well one of the searches took me to a Bullguard Free AntiVirus Forum, and those who have gone through this same thing were nice enough to pass on the solution. Solution was/is to download the ProRat 1.9 program itself, extract it, and install it. When running, the prorat window that comes up has an icon you can select to remove prorat server - which I did. Received message ‘server successfully removed’, so I rebooted and upon reboot could see the difference right away.
I sure wish I’d have done that sooner. I googled 'services and prorat within the last couple of weeks but didn’t get the results that I got with FServices.exe, woodentchanoitt?
I ran avast thru the memory scan where all this was detected before and not a thing, memory was fine.
So, thanks you guys, you guys are fine examples of how the CyberPro’s should be and if it weren’t for you guys, I’d have never been pointed in the right direction. Take Care and God Bless!!