Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
SVCHOST Virus !!
   
BullGuard Antivirus Forum > Virus information > Alerts & New Threats > SVCHOST Virus !!  
Forum Quick Jump
 
You cannot post new topics in this forum. Post reply to : SVCHOST Virus !! Printable version of : SVCHOST Virus !!
[ << Previous Thread | Next Thread >> ]

hazem
New Member


Date Joined Feb 2010
Total Posts : 1
  		   Posted 2/3/2010 8:48 PM (GMT +3)    Quote: SVCHOST Virus !!Alert an admin about: SVCHOST Virus !!
I think I am having a SVCHOST Virus since I get an error message that says : " windows cannot find c:\documents and settings\locals\temp\svchost.exe "
this is my hijackthis log
plz help me

File Attachment :
hijackthis.log   9KB (application/octet-stream)
This file has been downloaded 537 time(s).
Back to Top
 

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
  		   Posted 2/23/2010 6:22 PM (GMT +3)    Quote: SVCHOST Virus !!Alert an admin about: SVCHOST Virus !!
if your problem still exisst.
post a combofix logfile:
www.bleepingcomputer.com/combofix/how-to-use-combofix
Back to Top
 

Helder
New Member


Date Joined Mar 2005
Total Posts : 3
  		   Posted 4/23/2011 6:07 PM (GMT +3)    Quote: SVCHOST Virus !!Alert an admin about: SVCHOST Virus !!
That sounds like registry has the entry call up that virus which apparently is no longer in the Temp folder, use a registry cleaner and it should get rid of that message unless you can find it yourself in the Registry and delete it. Use TFC to clear out all Temp Folder contents just to be sure there is nothing in there http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/ .
Back to Top
 

rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1562
  		   Posted 6/26/2011 10:12 AM (GMT +3)    Quote: SVCHOST Virus !!Alert an admin about: SVCHOST Virus !!
As already mentioned it's the loading point that is still calling for the bad file to load hence the error. Fixing the entries in Hijackthis should stopped the error.

Run Hijackthis again and fix these entries in Hijackthis:

F3 - REG:win.ini: load=C:\DOCUME~1\7azem\LOCALS~1\Temp\svchost.com
F3 - REG:win.ini: run=C:\DOCUME~1\7azem\LOCALS~1\Temp\svchost.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\fdisk.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [HotKey] C:\Documents and Settings\7azem\Templates\cache\vmx.exe
O4 - HKLM\..\Run: [User Agent] C:\WINDOWS\system32\fdisk.com
O4 - HKCU\..\Run: [HotKey] C:\Documents and Settings\7azem\Templates\cache\vmx.exe
O4 - HKCU\..\Run: [User Agent] C:\DOCUME~1\7azem\LOCALS~1\Temp\svchost.com


Then run ComboFix as already suggested or run MalwareBytes and do a quick scan. Post the logs please.
Malwarebytes
http://www.malwarebytes.org/mbam-download.php

* You may pm\email me if you're still waiting for my follow-up post.
  

Post Edited (rpggamergirl) : 26-06-2011 07:13:59 GMT

Back to Top
 
You cannot post new topics in this forum. Post reply to : SVCHOST Virus !! Printable version of : SVCHOST Virus !!
 
Forum Information
Currently it is Saturday, May 18, 2013 1:30 PM (GMT +3)
There are a total of 59,514 posts in 13,138 threads.
In the last 3 days there were 3 new threads and 5 reply posts. View Active Threads
Who's Online
This forum has 34609 registered members. Please welcome our newest member, Niox.JJcuc.
22 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Uninstalling Bullguard 2013 (1)5/17/2013 7:45:09 PM (Robert Mateescu)
The NovaShield behavior analysis techniques (0)5/17/2013 3:49:33 AM (ztlol1314)
Something about settings (1)5/16/2013 9:16:57 PM (Andreea-Luciana Ostache)
BullGuard Premium Services? (5)5/16/2013 9:09:56 PM (Andreea-Luciana Ostache)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard Internet Security