Monday, January 07, 2008

Removing virus services.exe and fservice.exe

The virus consists of the following files:

C:\Windows\system32\fservice.exe and
C:\Windows\services.exe

The virus is a key logger. It sends an email message every time a connection to the internet is made. It blocks the Windows XP Protect Shield and System Restore services.


Removing the virus:


1. Kill fservice.exe
- Use TASKKILL /F /IM fservice.exe
- If it doesn’t work on the first attempt, use NTSD -p [PID of fservice.exe], then quit the debugger to kill the task.


2. Kill services.exe
- Kill the bogus one (C:\Windows\services.exe), not the genuine services.exe.
- Follow the procedure in step 1.


3. Delete all occurrences of fservice.exe and the fake services.exe
- Do not delete the real services.exe found in C:\Windows\system32


4. Clean the registry for entries containing fservice.exe and the fake services.exe
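
TASKKILL /IM matches on image name only, so for services.exe the safe selector is the full path and then the PID. The script below is an added example, not part of the original post: it classifies both process names by image path, only stops suspects when run with -Kill, and lists autostart values that mention either file. It assumes PowerShell is available and that the entries sit in the standard Run keys, which the post does not name.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Without -Kill the script only reports.
param([switch]$Kill)

# The only legitimate location for services.exe (C:\Windows\system32 in the post).
$genuine = Join-Path $env:SystemRoot 'System32\services.exe'

# Steps 1-2: match by name, then decide by full image path.
$procReport = foreach ($p in Get-CimInstance Win32_Process) {
    if ($p.Name -notin 'services.exe', 'fservice.exe') { continue }

    if (-not $p.ExecutablePath) {
        # Path unreadable (protected process or no elevation): never kill blind.
        $verdict = 'unknown'
    } elseif ($p.Name -eq 'services.exe' -and $p.ExecutablePath -eq $genuine) {
        $verdict = 'genuine'
    } else {
        $verdict = 'suspect'
    }

    if ($Kill -and $verdict -eq 'suspect') {
        Stop-Process -Id $p.ProcessId -Force
    }
    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Name      = $p.Name
        Path      = $p.ExecutablePath
        Verdict   = $verdict
    }
}
$procReport | Format-Table -AutoSize

# Step 4: report (do not delete) autostart values that reference the files.
# Assumption: the standard Run keys; the post does not say which keys are used.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$regReport = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        $fake = $data -match 'services\.exe' -and
                $data -notmatch 'system32\\services\.exe'
        if ($data -match 'fservice\.exe' -or $fake) {
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data }
        }
    }
}
$regReport | Format-List
```

A services.exe row with verdict "unknown" means the path could not be read; confirm its location by other means before acting on it.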
