The virus consists of the following files:
- C:\Windows\system32\fservice.exe
- C:\Windows\services.exe
The virus is a key logger. It sends an email message every time a connection to the internet is made. It blocks the Windows XP Protect Shield and System Restore services.
Removing the virus:
1. Kill fservice.exe
- Use TASKKILL /F /IM fservice.exe
- If that doesn’t work on the first attempt, run NTSD -P [PID of fservice.exe], then quit the debugger to kill the task.
2. Kill services.exe
- Kill the bogus one (C:\Windows\services.exe), not the genuine services.exe in C:\Windows\system32.
- Follow the procedure in step 1.
3. Delete all occurrences of fservice.exe and the fake services.exe
- Do not delete the real services.exe found in C:\Windows\system32
4. Clean the registry for entries containing fservice.exe and the fake services.exe
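Steps 2 and 3 depend on telling the fake services.exe from the real one by its image path. The PowerShell sketch below is an added example, not part of the original post: the function name Get-SuspectProcess, the verdict labels and the sample PIDs are made up for illustration, and it assumes, as the post states, that the only genuine services.exe is the one in the system32 folder.

```powershell
# Added example: classify the two process names from this write-up by image path.
function Get-SuspectProcess {
    param(
        # Objects shaped like Win32_Process: Name, ProcessId, ExecutablePath
        [Parameter(Mandatory)] [object[]] $Process,
        [string] $SystemRoot = $env:SystemRoot
    )
    # Assumption from the post: this is the only legitimate services.exe.
    $genuine = [System.IO.Path]::Combine($SystemRoot, 'system32', 'services.exe')
    foreach ($p in $Process) {
        if ($p.Name -ieq 'fservice.exe') {
            $verdict = 'kill'
        } elseif ($p.Name -ieq 'services.exe') {
            if ([string]::IsNullOrEmpty($p.ExecutablePath)) {
                $verdict = 'unknown'   # path not readable; rerun elevated, do not guess
            } elseif ($p.ExecutablePath -ieq $genuine) {
                $verdict = 'keep'      # the real one; killing it takes the system down
            } else {
                $verdict = 'kill'      # same name, wrong folder
            }
        } else {
            continue                   # not one of the two names in the write-up
        }
        [pscustomobject]@{
            Verdict   = $verdict
            ProcessId = $p.ProcessId
            Name      = $p.Name
            Path      = $p.ExecutablePath
        }
    }
}

# Constructed sample data (PIDs are invented) so the logic can be checked offline.
$sample = @(
    [pscustomobject]@{ Name = 'services.exe'; ProcessId = 620;  ExecutablePath = 'C:\WINDOWS\system32\services.exe' }
    [pscustomobject]@{ Name = 'services.exe'; ProcessId = 1844; ExecutablePath = 'C:\Windows\services.exe' }
    [pscustomobject]@{ Name = 'fservice.exe'; ProcessId = 1900; ExecutablePath = 'C:\Windows\system32\fservice.exe' }
    [pscustomobject]@{ Name = 'services.exe'; ProcessId = 700;  ExecutablePath = $null }
)
Get-SuspectProcess -Process $sample -SystemRoot 'C:\Windows' | Format-Table -AutoSize

# On a live system, from an elevated prompt:
# Get-SuspectProcess -Process (Get-CimInstance Win32_Process) |
#     Where-Object { $_.Verdict -eq 'kill' } |
#     ForEach-Object { Stop-Process -Id $_.ProcessId -Force }
```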