February 24, 2011

Remove the SVCHOST.exe Virus



In the Windows NT family of operating systems, svchost.exe is a process and its associated image (executable file) for hosting services. These services are contained within dynamically-linked libraries (DLLs).

A variety of worm malware programs spread a similarly named file--Scvhost.exe--via Yahoo! Messenger that blocks the Task Manager and Registry Editor, as well as use of the command prompt.

Instructions


  1. If the operating system of the infected computer is either Windows Me or Windows XP, turn off System Restore while this fix is being implemented. To turn off System Restore within Windows Me, click Start > Settings > Control Panel. Double-click "System." Select "File System" from the Performance tab. Left click the "Troubleshooting" tab and check the "Disable System Restore" box. Click "OK."
     
  2. To turn off System Restore within Windows XP, log in as Administrator and click "Start." Right click "My Computer" and select "Properties" from the shortcut menu. Check the "Turn off System Restore" option for each drive on the System Restore tab. Left click "Apply" and "Yes" to confirm when prompted. Click "OK."
     
  3. Restart your computer in Safe Mode and log in as Administrator. Press "F8" after the first beep occurs during start up, before the display of the Microsoft Windows logo. Select the first option, to run Windows in Safe Mode from the selection menu.
     
  4. Access the command prompt. Click Start > Run. Type "cmd." Click OK > CD (change directory) from the command prompt, press the space bar.
     
  5. Type the name of the full directory path of the folder containing your Windows system files. It will be either "C:\Windows\System" or "C:\Windows\System 32."
     
  6. From the command prompt, type the following to unprotected the files for removal:

    "attrib -h -r -s scvhost.exe" and press "Enter;"
    "attrib -h -r -s blastclnnn.exe" and press "Enter;"
    "attrib -h -r -s autorun.inf" and press "Enter."
  7. Delete the files by typing the following from the command prompt:

    "del scvhost.exe" and press "Enter;"
    "del blastclnnn.exe" and press "Enter;"
    "del autorun.ini" and press "Enter."
     
  8. Type "cd\" to return to the main Windows directory.
     
  9. Unprotect and delete the Autorun.inf file by typing the following from the Windows directory command prompt:

    "attrib -h -r -s autorun.inf" and press "Enter;"
    "del "autorun.inf" and press "Enter;"
    Type "regedit" and press "Enter" to open the Registry Editor.
     
  10. Locate the following entry:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
    Delete the incorrectly spelled Yahoo! Messenger entry with the value
    "c:\windows\system32\scvhost.exe."
  11. Locate the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
    Within the key, there is a "shell" entry with the value of "explorer.exe, scvhost.exe". Edit the entry to remove the reference to Scvhost.exe, leaving Explorer.exe as the remaining value in the registry entry.
     
  12. Locate the following key:

    HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>
    Delete the following subkeys from the left panel:
    RpcPatch
    RpcTftpd
    Exit the command prompt and return to the operating system. Type "Exit," and press "Enter."
     
  13. Reboot the PC.
If Scvhost.exe still resides on the computer, repeat these steps or try using an automatic removal program from McAfee or Symantec.











22 comments:

Someone essentially help to make critically posts I would state.

This is the very first time I frequented your website page and
to this point? I surprised with the research you made to make
this particular publish amazing. Magnificent task!
Also visit my web site ; liste der privaten krankenkassen

Fantastic website. A lot of helpful info here. I'm sending it to some buddies ans additionally sharing in delicious. And certainly, thank you in your sweat!
Feel free to visit my blog : krankenkasse wechsel privat gesetzlich

This design is spectacular! You most certainly know how to keep a reader amused.

Between your wit and your videos, I was almost moved to start my own blog (well, almost.
..HaHa!) Fantastic job. I really enjoyed what you had to say, and more than that, how you presented
it. Too cool!

my blog: Read �
my web page - http://modwiki.net/w/index.php?title=User:LeroySvw

Thank you for sharing your thoughts. I truly appreciate your efforts and I am
waiting for your next write ups thanks once again.
My site: kreditvermittler ohne schufa

Hello! I know this is kinda off topic but I was wondering if you knew where I could find a captcha
plugin for my comment form? I'm using the same blog platform as yours and I'm having difficulty finding one?
Thanks a lot!
Here is my homepage ... creative business ideas

Spot on with this write-up, I actually believe that this
web site needs a lot more attention. I'll probably be back again to read more, thanks for the info!
Feel free to visit my site :: affiliate program product

I have to thank you for the efforts you have put in writing this website.
I am hoping to check out the same high-grade blog posts by you in the future as well.
In fact, your creative writing abilities has inspired me to get my own site now ;)

Feel free to visit my homepage - kredit ohne schufa auskunft

Hi, just wanted to say, I enjoyed this blog post.
It was helpful. Keep on posting!

Have a look at my homepage; click the next internet site
my web site: accessoires Shop online

What's up it's me, I am also visiting this website regularly, this web page is really fastidious and the visitors are really
sharing good thoughts.

my weblog Recommended Internet site

Usually I don't read post on blogs, however I would like to say that this write-up very compelled me to take a look at and do so! Your writing style has been surprised me. Thank you, very great article.

Also visit my webpage; Highly recommended Web-site
Also see my web site - http://prisma-statement.org/consort-wiki.org/tiki-index.php?page=UserPagehaijpyrvsu

What's up, after reading this amazing article i am also glad to share my experience here with friends.

Feel free to surf to my website - make money Through clickbank

Every weekend i used to pay a visit this web page, because
i want enjoyment, as this this web site conations truly good
funny material too.

Feel free to surf to my website: User:ZackBermu - ModuleAnnotation
My webpage: small business ideas india

Good respond in return of this question with real arguments and telling
everything regarding that.

Feel free to visit my site; click the up coming web site

Hey! I just wanted to ask if you ever have any trouble
with hackers? My last blog (wordpress) was hacked and I ended
up losing many months of hard work due to no back up.
Do you have any solutions to stop hackers?

My weblog: affiliate product marketing

Hey there! I could have sworn I've been to this website before but after browsing through some of the post I realized it's
new to me. Anyhow, I'm definitely delighted I found it and I'll be book-marking and checking back
often!

Check out my blog vergleich private krankenversicherung online

Everything is very open with a really clear clarification of the issues.
It was truly informative. Your website is very helpful.
Thanks for sharing!

my site :: click through the up coming web page

Helpful info. Lucky me I found your website unintentionally, and I am
shocked why this twist of fate did not took place earlier!
I bookmarked it.

my web page - Http://Thursdayinternet.Com/Groups/Ideal-Assistance-For-Those-Searching-For-Health-Insurance/

Hi there to every , because I am truly eager of reading this weblog's post to be updated on a regular basis. It includes good material.

Feel free to visit my web blog teichpumpe ohne strom

I really like what you guys are up too. This type of clever work and exposure!
Keep up the good works guys I've you guys to our blogroll.

my page solar teichpumpen :: ::

Hey very Good net log!!

Feel free to surf to my page; private krankenversicherung

A buddy and myself have been arguing just about an topic comparable to this 1!
Now I know that I was appropriate. lol! marked you as a fave so I will; be back :D

Feel free to surf to my blog; Entdecken Sie mehr hier

There is obviously a good deal to know. I think some superior ideas for services.


My web site ... markenjeans outlet online

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog

Followers

Categories

Twitter Delicious Facebook Digg Stumbleupon Favorites More