01-15-2008, 04:54 PM | #1 |
Annoying people since 1986
|
HELP, very annoying Virus
Ok here goes, NoD32 tells me there are some buggers called
c:\windows\system32\perfs.exe
c:\windows\system32\routing.exe
And a process called: WmiPrvSe.exe
can't find 'em, can't delete 'em, google has abandoned me. Any help?
Last edited by פֿяαιп βαмαgεפ; 01-15-2008 at 05:10 PM. |
|
01-15-2008, 09:06 PM | #2 |
Annoying people since 1986
|
Anyone?
|
|
01-16-2008, 02:15 AM | #3 |
Comic Artist
D&A Member
Join Date: Jan 2008
Posts Rated Helpful 0 Times
|
Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks, and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur. In earlier versions of Windows, providers were loaded in-process with the Windows Management service (WinMgmt.exe), running under the LocalSystem security account. Failure of a provider caused the entire WMI service to fail. The next request to WMI restarted the service.
Beginning with Windows XP, WMI resides in a shared service host with several other services. To avoid stopping all the services when a provider fails, providers are loaded into a separate host process named Wmiprvse.exe. Multiple instances of Wmiprvse.exe can run at the same time under different accounts: LocalSystem, NetworkService, or LocalService. The WMI core WinMgmt.exe is loaded into the shared Local Service host named Svchost.exe.
Note: wmiprvsw.exe is the Sasser worm!
source: http://www.neuber.com/taskmanager/pr...prvse.exe.html
__________________
|
|
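The name check behind the note in post #3 (wmiprvsw.exe versus the legitimate Wmiprvse.exe), as an added example that is not part of the original thread. The expected directories assume a default Windows install, and the sample paths are constructed.

```python
import ntpath

# Assumption: default install directories on a stock Windows system.
EXPECTED_DIR = {
    "wmiprvse.exe": r"c:\windows\system32\wbem",
    "svchost.exe": r"c:\windows\system32",
}

# Constructed process image paths (not taken from the poster's machine).
SAMPLE = [
    r"C:\WINDOWS\system32\wbem\wmiprvse.exe",
    r"C:\WINDOWS\system32\wmiprvsw.exe",
    r"C:\WINDOWS\Temp\WmiPrvSE.exe",
    r"C:\WINDOWS\system32\svchost.exe",
]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Compare one image path against the known system binaries."""
    directory, name = ntpath.split(ntpath.normcase(image_path))
    if name in EXPECTED_DIR:
        # Right name: only trustworthy when it runs from the expected folder.
        return "ok" if directory == EXPECTED_DIR[name] else "wrong-path"
    for known in EXPECTED_DIR:
        # One character off a system binary name is a masquerading signal.
        if edit_distance(name, known) <= 1:
            return "look-alike of " + known
    return "unlisted"

def triage(paths):
    """Return only the entries that imitate a known system binary."""
    verdicts = {p: classify(p) for p in paths}
    return {p: v for p, v in verdicts.items() if v not in ("ok", "unlisted")}

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:28} {path}")
```
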
01-16-2008, 04:14 AM | #4 |
SHUT UP AND SWALLOW
Join Date: Sep 2007
Location: Argentina
Posts Rated Helpful 0 Times
|
maybe this will help u:
http://xtra.co.nz/help/0,,4155-1916458,00.html
If u delete em and they reappear, try using avast, that shit takes out the respawning virus for ever (try using the option of search after rebooting the pc so it will take them down from the core) |
|
01-16-2008, 04:47 PM | #5 | |
Annoying people since 1986
|
Quote:
And thanks Ghost, I'm on it! *edit* avast it is, the fucker won't budge! Last edited by פֿяαιп βαмαgεפ; 01-16-2008 at 05:00 PM. |
|
|
01-16-2008, 05:09 PM | #7 |
In the clouds
Join Date: Mar 2007
Location: Halifax, UK
Posts Rated Helpful 0 Times
|
Boot into Windows Safe Mode (Press F8 during bootup)
Or, failing that, boot into Recovery Mode and delete that way
Or, alternatively, boot off Ultimate Boot CD (not touching Windows at all) and delete the files.
Download and run "Hijack This" too. |
|
01-16-2008, 07:51 PM | #8 |
Annoying people since 1986
|
Avast is still scanning, I'll see what it solves.
Thanks for all the tips! |
|
01-17-2008, 03:15 AM | #9 |
Join Date: Apr 2007
Location: Hiram, GA
Posts Rated Helpful 0 Times
|
Avast won't find it. I run it at work and still got the dang thing. Once you figure out where everything is it's really not that bad to remove, just annoying because nothing finds the dang thing.
You'll have to end the process, remove the service and delete the files.
Clipped this from Afterdawn, which is where I found the most useful info. I didn't bother with the .bat file, I just entered the commands in the cmd window.
Code:
also I recommend making backups of all files before you attempt any of this
all these are associated:
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\ndt2.sys
C:\WINDOWS\system32\perfs.exe
you can try :
sc stop perfmons
sc delete perfmons
sc stop Routing
sc delete Routing
exit
Also recommend HijackThis to remove the associated lines from startup.
Good Luck,
-=Roland=-
Last edited by -=Roland=-; 01-18-2008 at 01:40 AM. |
|
01-17-2008, 04:22 PM | #10 |
Annoying people since 1986
|
Yup, avast went right through. Only NOD32 keeps bugging mah face!
I'll try what you just suggested, I'm getting really desperate here... |
|
01-17-2008, 08:56 PM | #11 |
Retired FF Staff
Join Date: Mar 2007
Posts Rated Helpful 0 Times
|
If all else fails, complete reslate, that's what I do when I fuck shit up. Also see what those pie porn site do.
__________________
I Love GenghisTron . I miss you sooooo Much. LOL. |
|
01-18-2008, 04:43 PM | #12 | |
Annoying people since 1986
|
Quote:
By the way, am I good with NOD32, or should I go get something else? I've always liked NOD32 until now, it let me down by letting in a freakn' fucked up trojan. |
|
|
01-25-2008, 01:11 AM | #13 |
Join Date: Apr 2007
Location: Hiram, GA
Posts Rated Helpful 0 Times
|
So, how'd you make out there DB? All better now?
|
|
01-25-2008, 11:58 AM | #14 |
Annoying people since 1986
|
Still working on it, this is one NASTY bugger, but I did manage to cap it so it's not active anymore, but deleting will have to go through Hiren's boot cd.
Last edited by פֿяαιп βαмαgεפ; 01-25-2008 at 12:07 PM. |
|
01-25-2008, 02:10 PM | #15 | |
no war but class war
Fortress Forever Staff
Join Date: Oct 2007
Location: big bad berlin
Class/Position: Soldier / Scout Gametype: ctf Affiliations: [w~k!] Posts Rated Helpful 3 Times
|
Quote:
|
|
|
01-26-2008, 10:30 AM | #16 |
Annoying people since 1986
|
^Tried that, went right over it.
|
|
01-27-2008, 10:14 PM | #17 |
Ambassador of Everything.
|
Step 1:
Delete your CacAfee/Borton scanner you probably are using.
Step 2:
Download Avast Anti-Virus.
Download AVG Anti-Virus.
Download SpyBot S&D.
Download Ad-Aware.
Step 3:
Update all the scanners.
Step 4:
Restart computer and put into safe mode.
Step 5:
Set all of them onto thorough scan or however the heck you spell that word.
Step 6:
Scan overnight/any time 2 times using all of them. Repeat as your paranoia desires.
Step 7:
Delete AVG so Steam won't bitch and crash because you have it on the comp.
Step 8:
Continue using Avast as your main scanner.
Continue using Spybot as your secondary spyware scanner.
Continue using Ad-Aware as your secondary spyware scanner.
Step 9:
Buy me a case of Romanian wine.
Step 10:
Cheers.
Further tips:
Run: MSCONFIG. Hide all the Microsoft Services (A tickbox). Then disable whatever you find questionable.
---------------------------------------------------------
Further notes:
I've had viruses like the ones you described, this scanner set basically owned everything. Twice have I hit profile editor sites that have carpetbombs of viruses, that means my Avast alarm goes off about 10 times and even after I close the window. I just do the steps above and next thing I know, it's all gone.
Last edited by Focksbot; 01-27-2008 at 10:20 PM. |
|
01-27-2008, 11:58 PM | #18 |
Join Date: Apr 2007
Location: Hiram, GA
Posts Rated Helpful 0 Times
|
He's running Avast...the same as I was.
|
|
01-28-2008, 01:46 AM | #19 | |
Ambassador of Everything.
|
Quote:
And he didn't have the combo I use. |
|
|
01-28-2008, 03:02 AM | #20 |
Join Date: Apr 2007
Location: Hiram, GA
Posts Rated Helpful 0 Times
|
True I forgot he was running NOD first.
SpyBot and AdAware both ignore this one too unless they've been updated since I had it. |
|