Help Needed With Virus

eugeneang

help can some1 help me

//-----------------------------------------------------------------

// ProductBitDefender Antivirus Plus v10

// Product10.2

// Created on: 27/12/2007 19:23:05

//-----------------------------------------------------------------

Virus Statistics

Scan path : C:\

Folders : 4060

Files : 231745

Memory processes scanned : 37

Archives : 14710

Runtime packers : 22860

Identified viruses : 2

Infected files : 1

Memory processes infected : 1

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 0

I/O errors : 48

Scan time : 00:31:12

Scan speed (files/sec) : 123

Spyware Statistics

Registry keys scanned : 292

Registry keys infected : 0

Cookies scanned : 7

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

Virus definitions : 962380

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 7

Mail plugins : 6

System plugins : 5

Virus scan options

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1198754585.log

Spyware scan options

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

Summary:

<System>=>C:\WINDOWS\system32\svehost.exe (memory dump) Infected: Generic.Malware.G!SI!!MWX!!g.4EEF956B

<System>=>C:\WINDOWS\system32\svehost.exe (memory dump) Disinfection failed

<System>=>C:\WINDOWS\system32\svehost.exe (memory dump) Move failed

<System>=>C:\WINDOWS\system32\svehost.exe (full dump) Infected: Generic.Malware.G!SI!!FLMWX!!Bg.ED035EA9

<System>=>C:\WINDOWS\system32\svehost.exe (full dump) Disinfection failed

<System>=>C:\WINDOWS\system32\svehost.exe (full dump) Move failed

Find more posts tagged with

Comments

eugeneang

ehmmm i really need help

AndreiASM

Please do the following, prefferably in safe mode:

1) Open your Taks-Manager, by pressing CTRL + ALT + DEL. Please search any instance of the malware, and, if you find any, kill it.

2) Go to C:\WINDOWS\system32\ and delete the file svehost.exe

3) Open the registry editor, by going to START -> Run, type in Regedit, and hit enter. Browse to the following keys:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, and delete any value which contains a refference to the malware. Do exactly the same for the following jey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

Post if you got ride of it.

Cheers!

eugeneang

ok i did not understand by instance of the malware..how do i find that?

and i could not find the file svehost.exe

and in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

i found nothing but msn, bitdefender

however in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

i found the microsoft update:svehost so do i delete it?

AndreiASM

Yep, delete that key. Don't forget to also kill the process associated with this program and delete it.

farbar

ok i did not understand by instance of the malware..how do i find that?

and i could not find the file svehost.exe

and in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

i found nothing but msn, bitdefender

however in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

i found the microsoft update:svehost so do i delete it?

Hi,

1. malware= svehost.exe. The MS legit file is svchost.exe but this one (svehost.exe) is malware and you should delete it. But first follow the instruction given :

1) Open your Taks-Manager, by pressing CTRL + ALT + DEL. Please search any instance of the malware, and, if you find any, kill it.

2. If you can't find the file it may be hidden, to find the file first unhide the file by going to start-control panel- folder options- view- check display the contents of system folders, check show hidden files and folders. uncheck hide extention for known files types then click apply.

3. The given run registry item (to remove) refers to: C:\WINDOWS\system32\svehost.exe

Success