c:/windows/system/svchost.exe

Is there anybody who has treated this virus? Avast can do nothing about it.
I tried to delete it from startup and regedit, but it can generate another copy
of svchost.exe in the system directory. My OS is WinXP SP2. Thank you!

Can you schedule a boot-time scan?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.

Maybe you should download, install, update and run a-squared and ewido to check too 8)

I have deleted it by using PREVX1, and this antivirus software strictly pointed out that svchost.exe was a virus and helped me clean it away. Anyway, thank you again.

One still annoying problem: though I have deleted the svchost.exe virus in my system folder, I found that in my startup there is still a c:\windows\system\svchost.exe. I delete it and it can generate itself a new copy after reboot, and in my processes the c:\windows\system\svchost.exe no longer exists. And the svchost.exe in my system is already deleted by using PREVX1. Could anybody help me delete it completely from my startup? Very grateful.

Well the correct location for svchost in XP SP2 (on my XP Pro SP2) is in the system32 folder not the system folder. I have another copy in the c:\windows\ServicePackFiles\i386\ folder.

Check and see if there is a startup entry for it in msconfig (Start button, Run, type ‘msconfig’ without the quotes).

As Tech said you should try Ewido Security Suite download, install, update and run it, preferably in safe mode.

Yeah, I certainly know that svchost.exe is normally in the system32 folder, and I also tried ewido4.0beta. The thing is, when I open the msconfig window and uncheck the box before the option, then close the window, retype msconfig and open the previous window, it remains in a checked status. I think ewido has deleted the main core of the virus, but the remnants of the virus are still alive.
I want to know how I could delete the remnants of the virus and what tools I could use to find the remnants.
Here, to make it really clear, I give you two pics.

open the msconfig

http://wincasy.bokee.com/photo/view.fcgi?id=1463439&mode=3

reopen the msconfig

http://wincasy.bokee.com/photo/view.fcgi?id=1463440&mode=3

Have you tried rebooting after changing the msconfig setting for svchost (ensuring it is the location previously mentioned, although it shouldn’t need to be run in this way)? Technically, if you just reopen it, svchost is still running. I also use another tool rather than msconfig called codestuff starter (http://codestuff.mirrorz.com/) that does/shows a little more than msconfig; perhaps that may overcome the restoration of the setting.

Have you checked out the other entries in the setup section (google the startup item and associated file name), especially those in the system folders? Are they things that you installed?

The remnants as you call them are likely to be registry entries, as you can see from the Location column, using regedit navigate to the registry key and delete only that key or sub-key, ensure that you back-up the registry before editing (you can export the key so it can be restored if required).

If you aren’t too happy editing the registry, then a registry editor can look for redundant entries. There are a number of freeware registry cleaners.

Ha, actually DavidR, I'm not a native English speaker. I used "remnants" because I don’t know how to express the remains left by the virus. Do my expressions make you very uncomfortable?

And I'm really sorry to trouble you again, as you’ve already given a lot of help, and I couldn’t find some registry entries, and this is the startup in my registry.

http://photo6.fotolog.net.cn/userimages/27/43/p/phipanx/50/500_qRYidOtw.jpg

I can’t find the unusual items, and I also searched by the time when SVCHOST.EXE was created and found nothing.

Your English is fine and I have no problem with it, much better than my language skills, which only stretch to being able to order beer and food ;D.

Have you tried a registry cleaner? Google search: http://www.google.co.uk/search?q=freeware+registry+cleaner. One of the ones mentioned is CCleaner, which is also a general temp file/rubbish cleaning tool that many forum members use.

By unusual items I was thinking of anything which is in the system folders like tintsetp.exe in the IME sub folder although this seems OK "tintsetp.exe is a process which belongs to Microsoft Language Support (IME). "

So from your startup registry entries, svchost would appear to be gone.
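
An added example, not part of the thread or any poster's code: a Python check that applies the location rule from the discussion above (svchost.exe belongs in system32, with a backup copy under ServicePackFiles\i386) to startup command lines. The sample entries, the `C:\Windows` root and the function names are constructed for illustration.

```python
import ntpath
import re

SYSTEM_ROOT = r"C:\Windows"  # assumption: default Windows directory
# Folders the thread names as normal homes for svchost.exe on XP SP2.
EXPECTED_DIRS = {
    ntpath.normcase(SYSTEM_ROOT + r"\system32"),
    ntpath.normcase(SYSTEM_ROOT + r"\ServicePackFiles\i386"),
}

def executable_path(command):
    """Extract the program path from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]  # quoted path, arguments follow
    else:
        # Unquoted: stop at the first ".exe" so folder names with spaces survive.
        match = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
        path = match.group(1) if match else command.split(" ", 1)[0]
    # Expand the two variables commonly used for the Windows directory.
    path = re.sub(r"%(systemroot|windir)%", lambda _: SYSTEM_ROOT, path,
                  flags=re.IGNORECASE)
    return ntpath.normpath(path)  # also converts forward slashes

def classify(command):
    """Return 'not svchost', 'expected location' or 'unexpected location'."""
    directory, filename = ntpath.split(executable_path(command))
    if filename.lower() != "svchost.exe":
        return "not svchost"
    if ntpath.normcase(directory) in EXPECTED_DIRS:
        return "expected location"
    return "unexpected location"

def flag_startup(entries):
    """Names of startup entries that run svchost.exe from an unexpected folder."""
    return [name for name, cmd in entries if classify(cmd) == "unexpected location"]

# Constructed sample of startup entries (name, command); not read from the screenshots.
SAMPLE = [
    ("svchost", r"c:\windows\system\svchost.exe"),
    ("svchost-fwd", "c:/windows/system/svchost.exe"),
    ("TINTSETP", r"C:\WINDOWS\system32\IME\tintsetp.exe /SYNC"),
    ("quoted", r'"%SystemRoot%\System32\svchost.exe" -k netsvcs'),
]

if __name__ == "__main__":
    for name, cmd in SAMPLE:
        print(f"{name:12} {classify(cmd):20} {cmd}")
```

A name match in the expected folder only says the path is plausible; it does not verify the file itself.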