Friday, July 6, 2007

SVICHOSSST.exe Virus - Guide

Guide to Fix SVICHOST.exe or SVICHOSSST.exe

Hello Everyone!
Today I'm going to tell you how to FIX your computer if it is infected with this virus.

Only the following antivirus products detect this virus:

1- BitDefender .. detects it as "Win32.Worm.Sohanat.S"
2- Dr.Web .. detects it as "Win32.HLLW.Hang"
3- FortiNet .. detects it as "W32/Dloader!tr.dldr"
4- Kaspersky Anti-Virus .. detects it as "IM-Worm.Win32.Sohanad.t"
5- Norton Anti-Virus 2007 (fully updated) .. detects it as "Win32.FunLove.4099"

I had Norton Anti-Virus 2007 (virus definitions fully updated up to 5th July 2007), and this virus still infected my system!

As soon as I inserted my friend's USB, NORTON DETECTED THE VIRUS and gave me the message that the problem was fully resolved. (As per my habit, before opening any USB from an outsider I first run a virus scan on it and then open it.) It detected SVICHOSSST.exe in almost all the folders of the USB; it also detected NEW FOLDER.exe, and every folder had a file inside it with the same name as the folder.

Norton Anti-Virus 2007 detected all the infected files and reported that everything was FIXED. But nothing was fixed!

First of all, the symptoms of this virus:

- Task Manager disabled
- Registry Tools (Regedit) disabled
- Folder Options disabled (NoFolderOptions)
- Command Prompt (CMD) sometimes disabled or minimized when you attempt to open it
- Slow Windows performance, boot and shutdown
- New-folder look-alike files on your removable storage devices, e.g. pen drive, external HDD, etc.

OK, so here is the GUIDE ON HOW TO FIX SVICHOSSST.EXE or SVICHOST.exe

1- You need a tool called "HijackThis!"

2- Run it and click "DO A SYSTEM SCAN ONLY". With that you can see all the current processes and startup entries on your system (as Task Manager is disabled, you are not able to see the processes from there).

3- You will find the following three entries in there:
F2 - REG:system.ini: Shell=Explorer.exe SVICHOSSST.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SVICHOSSST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Check these three and click the "FIX" button. It will remove these startup entries from your system.

4- Restart your system (it's not fixed yet).

5- Now you will be able to run REGEDIT.

Go to START MENU > RUN, type REGEDIT and press Enter.

6- Okay, next, in Regedit go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

&

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Look for values like NoFolderOptions, DisableRegistryTools, DisableTaskMgr and so on in the values pane of Regedit.

The REG_DWORD data of each of these will be '0x00000001 (1)'. Right-click it, choose MODIFY and set the value to '0'. It will then show as '0x00000000 (0)'.

7- Next go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Locate the entry 'Yahoo Messengger' (note the wrong spelling of 'Yahoo Messenger'). Delete it right away. Leave the other values alone. The fake 'Yahoo' entry tells the system to run the virus every time you boot (start) Windows.

8- Now go to the EDIT menu and choose FIND.

Search for the keyword 'SVICHOST' and then try 'SVICHOSSST'.

If you find any entry containing either keyword, simply remove it, then close Registry Editor.

(We still have work to do! Don't be so happy.)

9- Right-click on MY COMPUTER and choose "EXPLORE".

Go to the menu TOOLS > FOLDER OPTIONS > VIEW, select "SHOW HIDDEN FILES AND FOLDERS", uncheck "HIDE EXTENSIONS FOR KNOWN FILE TYPES" and press OK.

NOW REMEMBER ... whenever I ask you to go to some folder or drive, USE THE FOLDER TREE ON THE LEFT SIDE. DO NOT DOUBLE-CLICK THE FOLDER OR DRIVE ON THE RIGHT SIDE.


Go to C:\WINDOWS and locate the files named SVICHOST and SVICHOSSST. (First, I said LOCATE, not SEARCH, so do not use the SEARCH feature; you have to manually open the drive or folder and look for these files. Second, both files look like folders: their icon is a folder icon and you will feel like each one is a folder, but it is not a folder, it is a file.)
Delete them using SHIFT+DEL (so that they do not go into your Recycle Bin).


Now go to C:\WINDOWS\SYSTEM32, look for both files again and delete them if found (again using SHIFT+DEL).


10- OK, we are almost there ;) but don't get excited yet. What to do with the infected USB or removable drive that infected your computer? The same goes for it. Go to your removable device drive (remember to use the LEFT SIDE OF EXPLORER; do not double-click on the right side). Locate the files SVICHOST.exe and SVICHOSSST.exe and delete them (using SHIFT+DEL).
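The manual steps above (policy values, the fake 'Yahoo Messengger' Run entry, the Shell= hijack and the dropped folder look-alike files) can also be checked from a script. The following is an added example written for this page, not code from the original post or from any antivirus vendor. It assumes PowerShell 3.0 or later run as administrator, that the HijackThis "F2 - REG:system.ini: Shell=" line corresponds to the Winlogon Shell registry value (my assumption), and it uses the value names and file names exactly as the guide lists them. Without -Remediate it only reports what it finds, so you can review the list before anything is changed.

```powershell
# Added example (not from the original post): audit the indicators the guide
# describes and, only with -Remediate, undo them. Run from an elevated PowerShell.
# Assumption: the system.ini Shell= line HijackThis shows as F2 maps to Winlogon\Shell.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$RemovableRoots = @(),   # e.g. 'E:\' for the USB stick that brought the worm
    [switch]$Remediate                 # without this switch the script only reports
)

$suspectNames = @('SVICHOST.exe', 'SVICHOSSST.exe', 'New Folder.exe')   # names from the guide
$policyKeys   = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$policyValues = @('DisableTaskMgr', 'DisableRegistryTools', 'NoFolderOptions')
$runKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$winlogon     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

$findings = New-Object System.Collections.Generic.List[string]

# 1. Policy values the worm sets to 1 (Task Manager, Regedit and Folder Options lockout)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $policyValues) {
        if ($props.PSObject.Properties[$name] -and $props.$name -eq 1) {
            $findings.Add("$key\$name = 1")
            if ($Remediate -and $PSCmdlet.ShouldProcess("$key\$name", 'Set to 0')) {
                Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
            }
        }
    }
}

# 2. The misspelled 'Yahoo Messengger' autorun value, or any Run value pointing at the worm
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath etc.
        if ($p.Name -eq 'Yahoo Messengger' -or "$($p.Value)" -match 'SVICHOS+T\.exe') {
            $findings.Add("$runKey\$($p.Name) = $($p.Value)")
            if ($Remediate -and $PSCmdlet.ShouldProcess("$runKey\$($p.Name)", 'Remove value')) {
                Remove-ItemProperty -Path $runKey -Name $p.Name
            }
        }
    }
}

# 3. Shell= hijack: a clean system has just 'explorer.exe' here, the worm appends itself
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -ne 'explorer.exe') {
    $findings.Add("$winlogon\Shell = $shell")
    if ($Remediate -and $PSCmdlet.ShouldProcess("$winlogon\Shell", 'Reset to explorer.exe')) {
        Set-ItemProperty -Path $winlogon -Name Shell -Value 'explorer.exe'
    }
}

# 4. Dropped copies in C:\WINDOWS and System32 (top level only, as in the guide),
#    plus folder look-alikes anywhere on the removable drives (recursive).
$scanTargets = @(
    @{ Path = $env:SystemRoot;             Recurse = $false },
    @{ Path = "$env:SystemRoot\System32";  Recurse = $false }
)
foreach ($r in $RemovableRoots) { $scanTargets += @{ Path = $r; Recurse = $true } }

foreach ($t in $scanTargets) {
    if (-not (Test-Path $t.Path)) { continue }
    Get-ChildItem -Path $t.Path -Filter *.exe -Force -File -Recurse:$t.Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # Heuristic: a known worm file name, or an .exe named exactly like a sibling folder
            # (the "file inside each folder with the folder's name" symptom). Review before -Remediate.
            ($suspectNames -contains $_.Name) -or
            (Test-Path -LiteralPath (Join-Path $_.DirectoryName $_.BaseName) -PathType Container)
        } |
        ForEach-Object {
            $findings.Add("file: $($_.FullName)")
            if ($Remediate -and $PSCmdlet.ShouldProcess($_.FullName, 'Delete')) {
                Remove-Item -LiteralPath $_.FullName -Force
            }
        }
}

if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings }
```

Run it once without switches to get the report, for example `.\Check-Svichost.ps1 -RemovableRoots 'E:\'`, then again with `-Remediate` (or `-Remediate -WhatIf` to see what would change) once the list looks right. Because the worm disables Task Manager and Regedit through the same HKCU policy values the script resets, it covers steps 6 through 10 of the guide; the HijackThis step is still useful for spotting anything this script does not know about.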



Voila!
You are done! TO HELL WITH SVICHOSSST virus ;) Restart your system and enjoy your life :)


6 comments:

Thai Nguyen said...

Excellent. Thank you very much. These viruses have given me a headache for a long time and I found Symantec hopeless for removal of these.

Wajahat Mehdi said...

Thank you very much. It's really a very nice tutorial.

Unknown said...

Hi
Thank you so much, I have done these jobs and got rid of this virus :)
I want to get more help please!
When I go to My Computer > C: or D: drive, every time I have to face the "Open with" menu. Could you please help me out in this regard?
I would be really thankful for any guidance.
Please send me just a single mail if anyone already knows how to resolve it.
My id is 1azhar.ali@gmail.com
Thank you

SiNNeR* said...

Well dude, because of the virus you're getting this message. You had better copy all your data from one drive to another..... or maybe to some external storage media, and then format that drive. After formatting your drive you will easily be able to access your drives.

Anonymous said...

Thanks a lot SINNeR, your explanations are very clear and have been very helpful to me.