svchost.exe is infected...

but Avast! can`t repair this file!!!..,because it says: THE PROCESS CANNOT ACCESS THE FILE BECAUSE IT IS BEING USED BY ANOTHER PROCESS.

Do you have Windows XP ? If you have than i can send you this clean file and some little program that replaces files on next system boot. And can you check the location of this file on your disk (path)? It needs to be in WINDOWS\System32 folder.

Hi Kristiana,

please tell us the exact virus name and the
complete location=path name/folder name/filename that avast reports

what Win do you have ?
Are ALL servicepacks and Windowsupdates applied ? :wink:

I have windows XP servica pack 1 installed no my PC. Infected file location:

  1. SVChost.exe /system32;
  2. C/windows/system32/drivers/Wks patch[1] till [8]. sometimes Avast shows that infected ir Wks patch 1, sometimes Wks patch2…sometimes 3, 4, 5…its crazy, i cant stop this!!! Please, help!

Hi,

PLEASE tell us the name of the virus/trojan/worm also, exactly as avast reports it, NOT ONLY the file name

and answer the other questions

→ also apply ALL!!! windows updates, most important the patches against RPC-worms/Blaster etc…

sounds like nachi/Welchia or other RPC-Worm,

have you tried the avast-Cleaner ? that should do it,

otherwise supply more infos/answers :wink:

I think there are very many “unable to access file” threads the last days. Can’t you cleaver guys at avast! do something about that forcing unlocking the files before clean/delete.

BTW: Think I found a smull bug in the “Virus warning” box.
If you select “Delete permanently” you can also select “Delete after reboot if necessary”. But if you do, they the files is not deleted (even if it would have been if did not check that option). So the “necessary” part is wrong. If you mark that it will ONLY be delete after a boot. It won’t even try to delete it at once. So try without the checkmark first.

You are right, this is not correct. I’ll fix it.
Thanks.

These files are infected:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0HENO9MN\WksPatch[6].exe;

C:\WINDOWS\system32\drivers\svchost.exe

Virus: Nachi B.worm

Cleaner doesnt work, and i dont know why???

C:\WINDOWS\system32\drivers\svchost.exe Virus: Nachi B.worm Cleaner doesn`t work ???

@Igor: Wouldn’t it be a good idea to have a description for Nachi/welchia available, especially if it is
a) listed on by the Cleaner page?!?
b) bound to reappear until Patching is done ?

@Kristiana:
The avast Cleaner should be able to remove Nachi.B
Have you read all the instructions on the cleaner page, especially the bits about

  • closing all other programs
  • closing/pausing resident shield
  • Admin-privileges

the cleaner deals with: Win32:Nachi [Wrm] (aka Welchia, variants A-C)

The worm will of course always reappear, until you apply the necessary Updates (see links below and do WindowsUpdate!!!) !!!

Further Info and Removal:
http://www.avast.com/i_idt_171.html

http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.welchia.b.worm.html (also removal-Tool)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.B
http://vil.nai.com/vil/content/v_101013.htm

:wink: