Expert Virus Removal Services and Technical advice.

We provide computer users with expert virus removal services and technical advice.

Threats and their Removal.

Do you need a quick solution to a technical problem? With our live remote-assistance tool, a member of our support team can view your desktop and share control of your mouse and keyboard to get you on your way to a solution.

Spyware and its Removal.

Are you worried that your computer might be infected with spyware? Then this is where you can find support.

Advice for Protecting the Computer.

Expert advice for protecting your computer from attacks by all threats.

Different Anti Virus Software and Tools.

Getting familiar with different antivirus software and removal tools.

February 11, 2011

Fix a Facebook Virus



Did someone hack your Facebook account? This activity can easily be detected if you see status updates that you did not post to your public Facebook wall. Status updates can be links to spam sites or virus downloading websites that infect anyone who clicks on them. Cleaning out your Facebook profile and computer is essential in getting rid of the virus, and protecting your computer from future invasions.

Detect IP Spoofing


Spoofing is, generally, the act of one person pretending to be someone else, usually in an effort to scam someone or otherwise commit either fraudulent or fairly malicious acts. The word “spoof” is often used in entertainment to mean a type of media that uses imitation to parody another program or work of entertainment.

The scam artists then use that information to steal your identity and your money.

SCVHOST.EXE or SCVHOSTS.EXE Virus



There’s a strain of computer virus/worm that hides itself under the name SCVHOST.EXE or SCVHOSTS.EXE (don’t mistake it for SVCHOST.EXE, which is one of the vital programs of Windows; note the difference in spelling). It is detected as W32/YahLover.Worm.gen by McAfee Antivirus and as Win32/Autorun.R.worm by NOD32. This virus infects your computer by different means.

* One is that it installs itself in autorun.inf, in the Open option of the AUTORUN. Once you double-click, it runs and starts spreading itself to your system.

* The other is that it copies itself through all the shared files of the computers on your network and installs itself in the registry entries remotely using a GUEST account (through System:Remote).

Characteristics of the Virus

* This virus/worm blocks the Task Manager when you press Ctrl+Alt+Del to invoke it.
* It blocks the registry (the worm changes the registry to prevent Task Manager and the registry editor from running, which makes detection harder).
* It also restarts the computer when you try to go to the command prompt. (This is based on my experience with this worm/virus when I tried to disinfect it manually)
* It copies itself to different folders on your drives and uses the name of the folder it is in. The copied virus/worm uses a FOLDER icon.
* According to McAfee it changes the configuration of your Yahoo Messenger (see McAfee info).
* It autostarts via the registry keys Windows->Run and adds itself to WinNT->WinLogon->Explorer.exe

To remove the virus manually:

1. Boot your system in Safe Mode with Command Prompt only (press F8 when your computer restarts; a menu will be shown, and you select that option).
2. After you log in, the command prompt will open (LOG IN AS ADMINISTRATOR).
3. Type CD C:\WINDOWS\SYSTEM32 (assuming that your Windows system files are located on drive C)
4. Type DIR /AH; this will display all hidden files in this folder. You will see the following files, which are used by the virus to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE
5. Type ATTRIB -H -R -S SCVHOST.EXE
6. Type ATTRIB -H -R -S BLASTCLNNN.EXE
7. Type ATTRIB -H -R -S AUTORUN.INI
8. Type DEL SCVHOST.EXE
9. Type DEL BLASTCLNNN.EXE
10. Type DEL AUTORUN.INI
11. Type CD\
12. Type ATTRIB -H -R -S AUTORUN.INF
13. Type DEL AUTORUN.INF

After removing the virus/worm files, the worm should also be removed from the registry of your system.

1. From the command prompt, type REGEDIT.EXE; this will run the Registry Editor.
2. In the registry, look for the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. You will see an entry Yahoo! Messengger (it’s spelled like this) with the value c:\windows\system32\scvhost.exe. Delete this entry.
3. Next, look for the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. There’s an entry named SHELL with the value Explorer.exe SCVHOST.EXE. Don’t delete this entry!!! Just edit it and REMOVE the SCVHOST.EXE, so that Explorer.exe is the only value that remains in this registry entry.
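To confirm the two registry locations are clean after the manual steps, the following added example (not part of the original post) audits a Winlogon Shell value and a set of Run entries for extra shell programs and for file names that imitate svchost.exe. The function names, the edit-distance threshold of 3 and the sample values (constructed from the entries the post describes) are assumptions of this example.

```python
import ntpath
import re
LEGIT_NAME = "svchost.exe"  # genuine Windows service host
# Constructed sample values, taken from the entries described in the post.
SAMPLE_SHELL = "Explorer.exe SCVHOST.EXE"
SAMPLE_RUN = {"Yahoo! Messengger": r"c:\windows\system32\scvhost.exe",
              "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(path, max_distance=3):
    """True for file names close to, but not equal to, svchost.exe."""
    name = ntpath.basename(path.strip('"')).lower()
    return name != LEGIT_NAME and edit_distance(name, LEGIT_NAME) <= max_distance

def audit_shell(shell_value):
    """Return every program in the Winlogon Shell value other than explorer.exe."""
    tokens = [t for t in re.split(r"[\s,]+", shell_value.strip()) if t]
    return [t for t in tokens if ntpath.basename(t).lower() != "explorer.exe"]

def audit_run(entries):
    """Return the names of Run values that launch a svchost.exe look-alike."""
    hits = []
    for name, command in entries.items():
        m = re.match(r'"([^"]+)"|(\S+)', command.strip())
        if m and is_lookalike(m.group(1) or m.group(2)):
            hits.append(name)
    return hits

def read_live():
    """Windows only: read the two values with the standard winreg module."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") as k:
        shell = winreg.QueryValueEx(k, "Shell")[0]
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as k:
        run = dict(winreg.EnumValue(k, i)[:2] for i in range(winreg.QueryInfoKey(k)[1]))
    return shell, run

if __name__ == "__main__":  # demo on the constructed samples
    print(audit_shell(SAMPLE_SHELL), audit_run(SAMPLE_RUN))
```

On a Windows machine, pass the two values returned by `read_live()` to `audit_shell` and `audit_run`; both should return empty lists once the cleanup is complete.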
