c:\windows\system32\svchost.exe Rootkit ;-(

Hi, all!

I’m from Russia, and have this problem too.
Yesterday on one machine and today on four.
It seems that Avast not only deleted svchost.exe, but also deleted something in the registry.
Because I copied this file from another machine, but Windows does not work! Of about 50 services, only 19 remain!!!
On the Russian forum many people have this problem. Somebody has half of the machines in the office destroyed!
It’s big trouble :(.

Sorry for my English

How can we restore the system? (Win XP SP2)

Most of the services were deleted. >:(

Many people are shocked; they had many machines and the work was stopped. >:(

Reinstalling Windows is not a good idea

I don’t think it can be restored, sorry.
You may try “Repair” from Windows installation CD, but I don’t know if it’ll work.

What version of avast! do you have installed?

Win XP Pro SP2 RUS, avast! Home 4.8.1201, VPS 080604-0. The same problem. The latest update has no effect. avast! deleted all ImagePath strings with svchost.exe from the services in the registry. So, my Windows is dead.
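The post above reports that the ImagePath values of svchost-hosted services were removed from the registry. As an added example (not part of the thread and not an Avast tool), this Python script scans the text of a regedit export of the Services key and lists Win32 services that no longer have an ImagePath value. The sample export and its service names are constructed.

```python
import re

SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"
WIN32_SERVICE = 0x10 | 0x20  # own-process | shared-process (svchost-hosted)

# Constructed sample export; the service names are hypothetical.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleOwn]
"Type"=dword:00000010
"ImagePath"=hex(2):25,00,53,00,\
  79,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleShared]
"Type"=dword:00000020
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleShared\Parameters]
"ServiceDll"="placeholder"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleDriver]
"Type"=dword:00000001
"""

def parse_reg(text):
    """Return {key_path: {lowercased_value_name: raw_data}} from export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def services_missing_imagepath(text):
    """Names of Win32 services (Type 0x10/0x20) with no ImagePath value."""
    missing = []
    for path, values in parse_reg(text).items():
        name = path[len(SERVICES):]
        if not path.upper().startswith(SERVICES.upper()) or not name or "\\" in name:
            continue  # outside Services, or a subkey such as ...\Parameters
        # Assumption: only Win32 service types are checked; driver keys are ignored.
        m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", values.get("type", ""))
        if m and int(m.group(1), 16) & WIN32_SERVICE and "imagepath" not in values:
            missing.append(name)
    return sorted(missing)

if __name__ == "__main__":
    print(services_missing_imagepath(SAMPLE))
```

A real "Version 5.00" export is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in.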

I don't think it can be restored, sorry.
Maybe copy svchost.exe and a .reg patch to restore the main process? What else did avast! delete?

Also the Russian version is fixed now… download the latest VPS update :wink:

We have Avast Network Client 4.7.820

I saw that our mirror has Avast Professional 4.7.1201, but Network Clients are still 4.7.820

On my machine (the one I am working from now) there is a message that Avast found svchost.exe every 5 seconds, and the chest already has about 51M of this file :-. The VBA is updated to 080604-0, but I don’t want to reboot, because something tells me that I won’t be able to work on my machine :o

Wow, I just had a VPS update and the messages about svchost are gone.
But I am still afraid to reboot :frowning:

And can we do something with the dead machines? People need to work, and reinstalling Win is not a good idea :o

Hello, help me, could you send the svchost.exe file for Windows Professional SP1 please :-[

I’m afraid just replacing svchost.exe will not work.
Try the “Repair” option from Windows installation CD.


svchost + .reg file

You can restore the system with System Restore. The default System Restore doesn’t work, but you may run ERD Commander 2005.
I’ve brought up about 20 systems today…

It confirms that avast is really, really a worse AV

Take antivir and see the difference !!! ;D

Which difference, really? That it doesn’t FP on svchost.exe?
Trust me, similar things happened to them as well (and to the other AV companies, Symantec/McAfee including, too).

This is not an excuse for avast, it’s just that trolling is the last thing people want to hear now.


Vlk, I can’t believe such a file will give a false positive…
Shouldn’t it be digitally signed?
How can this signature pass your standard tests? ???

If the user deletes or moves the file to the Chest in boot-time scanning, how would it be allowed to log on again? Another incident that asks for boot-time access to the Chest.

Guys, anyone who speaks our great native language (Russian), get in touch and I’ll advise you on the ways the system can be restored ;D

To restore the system you can try starting d:\i386\winnt32.exe from your Windows install disk and choosing the mode: updating.
Or roll back the system with external utilities, like ERD. Be sure to copy svchost after rolling back the system.
If you simply copy svchost into system32, it will not help.

We are a French reseller, we have more than 10 PCs dead.
When are the people from avast going to give us:

A proper explanation
A fix to repair damaged files and the registry database ???



Guys, so I don’t have that virus? It was a false alarm? I want to be 100% sure because I have to do something with my bank account.

Hello everyone,
Like many people here, I have the same problem :frowning: I put the “false virus” in quarantine and since then I have had many problems and I don’t have the internet anymore.
Is the latest VPS going to correct something or is it just to prevent other people from having the same problem? I downloaded it (released: 4.6.2008, version: 080604-1) from another computer, and I’d like to know if it’s going to do something before installing it (I don’t want things to get worse…).
Thank you in advance for your answer.

I haven’t had any alert on svchost.exe since this was first reported in this topic, XP Pro SP2, English language version.

I did a specific scan with ashQuick.exe (right click) on this file with VPS 080604-1 and no detection.


To Avast developers:

Please, it’s very urgent to react to this problem (the same as described in this thread), because many people around me (including myself) can’t use their computers anymore.

Too many people are facing the same problem caused by Avast antivirus, which has corrupted the OS.
So, please, be professional and:

  1. Put a message on the main page of your website (www.avast.com) saying that there was a problem and you’re working on it.
  2. Do all you can to quickly provide us with a patch to restore deleted / corrupted files / registry
    ==> That’s what I call “Professionalism”

I have used Avast antivirus for more than 3 years now and never had any problem with it. I will continue to believe in it, but please FIX THE PROBLEM!

By the way, don’t forget that many people don’t know what the recovery function on the Windows XP CD is, and surely don’t know where they left this CD, because they only use their computer for web surfing and mail!

Thanks in advance for your quick response!