path: C:\windows\system32\wininv.dll
path: C:\Documents and Settings\user\Local Settings\Temp\trz7.tmp
what should i do?? ???
path: C:\windows\system32\wininv.dll
path: C:\Documents and Settings\user\Local Settings\Temp\trz7.tmp
what should i do?? ???
Hi,
please enter
trojan-gen
into the board-search above → lots of advice there…
what WIN do you have ? XP ?
test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily disable AV-Resident Shield/Monitor/Guard to be able to scan the file online)
(If they all don’t show it as infected, please send it in a password-protected zip-file to
virus@free-av.de/virus (at) asw (dot) cz
Include the password and a link to this posting in the mailtext)
-remove the Virus/Malware and it’s system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google
general removal procedure:
-Secure your system:
change passwords, secure shares, install patches/updates for WIN&IE;
disable ActiveX and Scripting in IE except for know secure sites - or better use a secure browser
if it’s of the trojan-gen kind: spybot, ad-aware and cwshredder might also help
if you still can’t remove it, you could post a logfile of Hijackthis here
see www.lurkhere.com ->nicefiles and www.lavasoft.de
Further Details and Links via the board search above
It disabled my systm restore and i deleted the infected files, but it came back again when i restart my window.
disabling RESTORE doesn’t suffice here when you have an active trojan in the System32-folder
try the other hints above,
first: booting in safeMode (F8-Boot) and scanning&deleting the files with avast, or deleting them manually
this is wat i got when i was trying to delete it in safe mode:
Cannot process c:\windows\system32\wininv.dll
Win32:Trojan-gen
Hi,
a) what about the other advice/scanners ?
b) a google search for the filenames hints that you are infected by prorat-Backdoor:
→ search for PRORAT here in the board, or on VirusInfo-pages, or better:
redo your system from scratch, as it’s compromised/not secure any more
→ backup data & needed settings, format C: and reinstall WIN
secure WIN better next time…
more info found everywhere in the board, or on microsoft