Author Topic: c:\windows\ststem32\Service.exeWin32:Trogan-gen.{VC}  (Read 3598 times)

deaton98

  • Guest
c:\windows\ststem32\Service.exeWin32:Trogan-gen.{VC}
« on: January 15, 2006, 02:10:40 PM »
I am getting a continuous "Caution, virus detected" audio message for the virus listed in my subject line. All attempts to Move/Remain, Delete, Repair, and Move to Chest don't work and only cause the virus to duplicate itself non-stop. The virus causes continuous pop-up Avast time-out messages and/or Windows XP error "must close" messages. Is there any help for this?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: c:\windows\ststem32\Service.exeWin32:Trogan-gen.{VC}
« Reply #1 on: January 15, 2006, 02:13:52 PM »
Can you schedule a boot-time scan?
Start avast! > Right click the skin > Schedule a boot-time scan
Select for scanning archives.
Boot.

Another option is scanning in Safe Mode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

Another good thing is to disable System Restore, boot, and enable it again. If you find a virus keeps coming back after you delete it, it's most probably infected the System Restore folder; the best way to solve this is to disable System Restore, reboot your machine and then enable it again. After all that, run a full avast! scan. Enable/Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
The best things in life are free.

deaton98

  • Guest
Re: c:\windows\ststem32\Service.exeWin32:Trogan-gen.{VC}
« Reply #2 on: January 15, 2006, 02:22:50 PM »
Thank you for your suggestions. I will try them to the best of my ability. THANKS!!!!! :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89014
  • No support PMs thanks
Re: c:\windows\ststem32\Service.exeWin32:Trogan-gen.{VC}
« Reply #3 on: January 15, 2006, 03:15:04 PM »
A Google search returns many hits for service.exe
Quote
Note: service.exe is also a process which is registered as the WORM_KELVIR.DD and Win32.Raleka worms. These worms are distributed via the Internet through e-mail and come in the form of an e-mail or an MSN instant message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. Please see additional details regarding this process

http://process.networktechs.com/service.exe.php
Quote
What does it do?
Raleka is a worm-virus that spreads through the Internet by exploiting a vulnerability in the DCOM RPC service in Microsoft Windows. This vulnerability is detailed in Microsoft Security Bulletin MS03-026.
It would appear that your OS is out of date as this, if correct, shows a vulnerability patched ages ago.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security