*Sigh* Many Problems, would be gratefull for the help :)

[Snaily]

Hi guys and gals- i've been in a bit of a mess ever since i got infected with a trojan called "prorat". Anyway, my antivirus detected it, and removed it. Now i have to main, major problems. Luckily i managed to bring back my system restore and regedit. Unfortunatly- all my restore points were lost when it was disabled- thats one of my questions- How do you make backup system restore points?

 

Anyway, after AVG removed the trojan, it looks like it didn't quite finish cleaning up- that is, im not infected, but now when i login, it hangs and i get the error message "Windows cannot find svchost.exe, to search for a file click start... bla bla bla.

Anyway, i assure you my svchost is perfectly fine, my computer runs perfectly after that point. I assume that this is a file that the trojan requested to be started when i logged in. Second question- is there any way to remove this from the registry? That is- it has the name svchost.exe, the real file is just svchost.

 

Third problem, definetly the worst and the one needing most attention- BLUE SCREEN OF DEATH :(

 

Well- its weird, i get a thread/process ended uspespectadly one, i've zipped up and uploaded some of the most recent dumps.

Thing is- safe mode works fine, and right now im typing this in NORMAL mode- the blue screen comes up when i login, but when i run a chkdsk, it fixes it! But as soon as i restart, i have the blue screen again. If i use system restore in safe mode to return to a time after a chkdsk- its fine, untill i restart.

Another thing- my firewall is outpost, i use it because im a somewhat gamer, and i enjoy the low demands, and i find the user interface much nicer for me. Its broke- half of the files got deleted after a system restore for some reoson, im guessing it was the trojan, anyway, i couldant even proporly uninstall (or reinstall) it.

 

I expect that if i can get this fixed, ill be able to use the firewall again, unfortunatly till then, as i dont have sp2, im naked to the internet :(

 

Anyway seen as i main thing to sort out is the blue screen for now- heres the dumps. http://rapidshare.com/files/55767908/Blue_screen_of_death_dumps-_12th-_14th_of_september.rar.html

[RandyL]

Hi Snaily:

I agree you have problems but don't know the exact fix for them. But it would help if you stated your operating system. I have seen this problem before.

 

The trojan installed a svchost.exe in your Windows directory. The legitimate one is in your System32 folder. Your startup is probably trying to load the first file it comes across in the Windows directory which no longer exists since you removed it. However regestry keys might still exist and depending on your OS your boot sequence is still pointing to it. Thus the error.

 

Am I safe in assuming that you manually turned off and turned back on System Restore? That would remove the threat of the trojan re-installing from your restore files.

 

There are ways of fixing the svchost.exe problem manually. It looks complicated and I've never done it. I would try using trusted programs first. Housecall from TrendMicro is one I always try first for trojans. Slow but free. And of course many others. I steer clear of registry cleaners. Too many false positives.

 

I agree all these things might be related. But I don't know what else you may have. But I would stay away from free downloads like music and such. Just asking for more trouble. Including the programs themselves.

 

It appears you are no novice though. As such you might be able to work through this with some help. Try Housecall and post back with the results as well as what OS you use and anything else you think of.

 

And of course there's always a chance danzil will reply to your post too. If I've seen this before I'll bet he has too. One thing at a time. All these things are probably related. I can't see your file. I don't do Winrar files and am not a fan of file sharing sites of any kind. Just my opinion.

 

Post back;

RandyL

[danzil]

hi again snaily.

my 1st things to check would be as randyl said your startup list via the registry and msconfig.

go to start>run type in msconfig, post back what you find ticked in the "startup tab"

ok now go to start>run then type in regedit.now browse to hklm>software>microsoft>windows>current verison>run post what you find in there.

also i would try downloading a 30 day trial of nod32 from http://www.eset.co.uk install that AFTER REMOVING ANY OTHER ANTI VIRUS,update it and run a full scan,,,that should remove any left overs of ya trojan....

is there any reason why you do not have service pack2. this is a must nowadays.

regards

danzil