Virus help.....!

Discussion in 'Software Q&A' started by sidewinder, Sep 11, 2004.

Thread Status:
Not open for further replies.
  1. sidewinder

    sidewinder New Member

    Joined:
    Jul 24, 2004
    Messages:
    628
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    West Bengal
    Hi guys.Plz help me to solve my problem.I use windows 2000 adv server and winxp as my operating systems.One day I was running my antivirus software manualy in winxp and it found some viruses in the c: drive where win2kadvsrvr is installed.After the scan was complete it healed all the viruses.But now whenever I log into win2k adv srvr it shows an error msg that svohost.exe is not found[The virus infected file] which was located in winnt/system32 folder.This entry is not in the startup folder.I have used various software like system mechanic,ashampoo etc which allows the editing the startup programs list but the entry is not found so I cant delete it.It seems editing some registry values is needed.Guide me through the steps....
     
  2. ShekharPalash

    ShekharPalash Web Entrepreneur

    Joined:
    Aug 4, 2004
    Messages:
    584
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Bangalore
    It's actually SVCHOST.EXE (Service Host; which manages System Services in Windows Systems)
    Disable Windows XP System restore Service on all drives, update your AV and rescan.
    This sud fix da problem... also don't forget to patch ur both OSes...

    order this free security update asia CD from MS here...

    https://s.microsoft.com/asia/security/ordercd_sec.asp

    Also Visit www.microsoft.com/windows to order Windows XP SP2 FREE CD.... and download if u have high speed internet... it's a 80-266 MB download.

    Always keep updated... u'll be more secure!!
     
  3. Kl@w-24

    Kl@w-24 Slideshow Bob

    Joined:
    Apr 2, 2004
    Messages:
    1,703
    Likes Received:
    1
    Trophy Points:
    38
    If u can boot into XP, then try this. Insert ur Win 2K AdvSvr CD and search for th file 'svchost.ex_'. It should be in th CD's 'i386' folder. Copy it to a folder on ur hard disk. Now search for 'expand.exe'. Once both files hv been found, type th following at MS-DOS prompt :

    expand -r D:\svchost.ex_ D:\svchost.exe

    This is, considering u hv copied svchost.ex_ to ur D:\drive.
    Now copy th expanded file to ur WINNT/SYSTEM32 folder. Now try booting into Win 2K AdvSvr.
     
  4. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
  5. OP
    OP
    sidewinder

    sidewinder New Member

    Joined:
    Jul 24, 2004
    Messages:
    628
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    West Bengal
    no guys its not svchost.exe.I know what svchost.exe is.The infected file was infact svohost.exe and it was infected by some agrobot virus....

    I can boot into both the oses and both of them r working fine

    I use nav 2004,Quick heal,Mcafee pro 8 and Avg free and all of them have latest definitions..

    The problem is It after booting into advsrvr it shows a nagging error msg of which i want to get rid of
     
  6. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    What error message ...? Please post your HijackThis Logfile for better assesment of your problem.
     
  7. Kl@w-24

    Kl@w-24 Slideshow Bob

    Joined:
    Apr 2, 2004
    Messages:
    1,703
    Likes Received:
    1
    Trophy Points:
    38
    Looks like th file is registered as a service. Run 'services.msc' from th Run dialog, and see what services are installed. If there is some service which refers to 'svohost.exe', disable it. Also, run 'Regedit' and search for 'svohost.exe'. Delete all entries mentioning it. Backup ur registry b4 attempting this !!
     
Thread Status:
Not open for further replies.

Share This Page