Results 1 to 2 of 2

Thread: How to fix win32/pepatch virus

  1. #1
    Join Date
    Jan 2006
    Posts
    2,257

    How to fix win32/pepatch virus

    I am using AVG virus cleaner and this keeps detecting win32/pepatch virus in my "system volume information/_restore " folder in a .dll file.

    when i try to delete it manually it wont get delete and comes back again

    Anyone can help me ?

    Thanks
    With great power comes great responsibility - Spiderman's Uncle

    The Greatest Sig Ever

  2. #2
    Join Date
    Aug 2006
    Posts
    222
    turn off system restore...delete the"SRDISKID.DAT" in the _restore folder...either the one on c:\, d:\, e:\, ect. depends how many partitions and drives you have.
    check your msconfig startup items. Make sure there is not 2 IEXPLORE's running there. If there is, look to see if one has a zero (0) instead of an oh (o). Delete/disable it if it has a zero, as well as delete it's corresponding registry key.restart the computer.
    make sure you have a good software firewall to make sure it is not "sending out" any info.

    Virus Name: Rbot.FAY
    Pervasiveness:
    3 of 5
    Destructiveness:
    3 of 5
    Wildness:
    2 of 5
    Type: Worm
    Aliases: [Win32/]Rbot.FAY; [Win32/]Spybot.4wq!Worm (InoculateIT); [Win32/]Packed.Win32.PePatch.aw (Kaspersky); [Win32/]Rbot.FAY;

    Date Modified: 11-May-2006
    Date Published: 11-May-2006

    Description:

    Win32.Rbot.FAY is an IRC controlled backdoor (or "bot") that can be used to gain unauthorized access to a victim's machine. It can also exhibit worm-like functionality by exploiting weak passwords on administrative shares and by exploiting many different software vulnerabilities, as well as backdoors created by other malware. There are many variants of Rbot, and more are discovered regularly. Rbot is highly configurable, and is being very actively developed, however the core functionality is quite consistent between variants.

    This particular variant of Rbot is distributed as a 71,578 byte, Win32 executable that exhibits the following specific characteristics:

    When executed this variant copies itself to the %System% directory as W1nUpdate.exe and makes the following modifications to the registry to ensure that this file is executed at each Windows system start:

    HKLM\Software\Microsoft\Wind ows\CurrentVersion\Run\Microsoft Windows Update Service = "w1nupdate.exe"
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Windows Update Service = "w1nupdate.exe"

    Note: '%System%' and '%Windows%' are variable locations. The determines the location of these folders by querying the operating system. The default location for the System directory for Windows 2000 and NT is C:\Winnt\System32; for 95,98 and ME is C:\Windows\System; and for XP is C:\Windows\System32. The default installation location for the Windows directory for Windows 2000 and NT is C:\Winnt; for 95,98 and ME is C:\Windows; and for XP is C:\Windows.
    Just a reply to say thank you for these links and posts I have a lot to read and learn now!



Similar Threads

  1. Replies: 6
    Last Post: 06-08-2010, 01:59 AM
  2. How to get rid of this Win32.Aliz virus
    By Abhirath in forum Networking & Security
    Replies: 5
    Last Post: 01-04-2010, 03:10 AM
  3. How to get rid of Win32.Sumom.a virus?
    By KennedII in forum Networking & Security
    Replies: 5
    Last Post: 07-03-2010, 04:34 AM
  4. Virus.Win32.Protector.c
    By karan k in forum Networking & Security
    Replies: 3
    Last Post: 30-09-2009, 09:31 AM
  5. Win32/PEPatch
    By Bleep in forum Networking & Security
    Replies: 3
    Last Post: 21-02-2009, 12:26 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,718,704.05266 seconds with 17 queries