
Infected By Sscvihost.exe


3 replies to this topic

#1 Sreeram


Posted 24 July 2007 - 03:27 AM

Hi,

I am using a Windows 2000 Professional PC that is connected to a Windows 2000 Advanced Server. Some days ago, my computer started displaying a message with the window title "SSCVIHOST.EXE", and the message reads: insert disk in zip drive, and the zip drive LED starts glowing. Somehow I removed this from my system and registry. The next day, when I logged in to the server, it started showing again. It is blocking registry editing and Task Manager. Is this a virus? I am using the AVG free version and it is not detecting it either. While in the infected stage, it is copying files like newfolder.exe, copy.exe and host.exe to other removable drives. How do I solve this? Is there any freeware tool to remove this? Please help me.

Regards,

Sreeram
Where there is a will, there is a way


#2 buddy215


  • BC Advisor

Posted 24 July 2007 - 05:47 AM

The info in the link below describes the malware you have.
http://www.sophos.com/security/analyses/w32sohanaw.html

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Starbuck



  • Malware Response Team

Posted 24 July 2007 - 04:54 PM

The W32/Sohana-W worm is not something that an ordinary anti-malware program is going to get rid of.
There are so many other things going on with it.
You really need to get an HJT log submitted straight away.
Put in the title bar that you are infected with this worm.
Click the link supplied by buddy215 on how to post an HJT log.



#4 Sreeram


Posted 25 July 2007 - 06:33 AM

Hi,

I've found one link to bfu and removed it. Anyways, I will follow the steps explained by buddy215. It is really helpful. Thanks to you all.
Where there is a will, there is a way



