Definitely check this guide from Symantec's site as well.
So if you find any of these, delete it:
Quote:
# %System%\Main.exe
# %System%\Loader.exe
# %System%\Msmsg.exe
# %System%\Winserv.dll
# %System%\Fservice.exe
# %System%\Sservice.exe
# %Windir%\Winlogon.exe
Quote:
# %System%\wininv.dll
# %System%\winkey.dll
Fix the changes in the registry:
Quote:
# Adds a value at one or more of the following locations in the Windows registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
The following values have been seen added:
"MSNMESENGER"="%System%\Main.exe"
"DirectX for Microsoft Windows"="%System%\Fservice.exe"
"DirectX for Microsoft Windows"="%System%\Sservice.exe"
"StubPath"="C:\Windows\system\Sservice.exe"
# Modifies the value data of:
Shell
in the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
from:
"explorer.exe"
to:
"explorer.exe %System%\Fservice.exe"
And finally, besides the registry changes, it can also be done like this:
Quote:
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode (Windows 95/98/Me) or Safe mode with Command Prompt (Windows 2000/XP).
4. Reverse the changes made to the registry.
5. Restart the computer in Safe mode or VGA mode (Windows Me/XP).
6. Run a full system scan and delete all the files detected as Backdoor.Prorat.
For specific details on each of these steps, read the following instructions.
[This message was edited by Goran Mijailovic on 17.12.2005 at 00:37 GMT+1]
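A read-only check for the registry changes listed in the quoted Symantec text, added here as an example and not part of the original post or of Symantec's instructions: it scans a registry export in regedit text format for the Run, Active Setup and Winlogon Shell values named above. The function name, the match on file name only, and the sample export are assumptions constructed for illustration.

```python
import re

# Autostart targets named in the quoted advisory (compared case-insensitively).
SUSPECT = {"main.exe", "fservice.exe", "sservice.exe"}
RUN_KEYS = (r"\microsoft\windows\currentversion\run",
            r"\microsoft\windows\currentversion\policies\explorer\run")
WINLOGON = r"\microsoft\windows nt\currentversion\winlogon"
ACTIVE_SETUP = "\\microsoft\\active setup\\installed components\\"
# "name"="data" string values; backslash and quote are backslash-escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in regedit export format, not taken from a real machine.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSNMESENGER"="C:\\WINDOWS\\system32\\Main.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}]
"StubPath"="C:\\Windows\\system\\Sservice.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe C:\\WINDOWS\\system32\\Fservice.exe"
'''

def scan_reg_export(text):
    """Return (key, value name, data, reason) tuples for values to review."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue  # header, blank line, or non-string value (dword:, hex:)
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        k, n = key.lower(), name.lower()
        base = data.lower().rsplit("\\", 1)[-1]
        if k.endswith(RUN_KEYS) and base in SUSPECT:
            findings.append((key, name, data, "Run value starts a listed file"))
        elif ACTIVE_SETUP in k and n == "stubpath" and base in SUSPECT:
            findings.append((key, name, data, "StubPath starts a listed file"))
        elif k.endswith(WINLOGON) and n == "shell" and data.strip().lower() != "explorer.exe":
            findings.append((key, name, data, "Shell is not plain explorer.exe"))
    return findings

if __name__ == "__main__":
    for finding in scan_reg_export(SAMPLE):
        print(" | ".join(finding))
```

A hit is a prompt to inspect the value by hand before deleting anything, since the match is on file name alone and ignores values that carry command-line arguments.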