Posted 22 June 2008 - 09:43 AM
Hello. I was recently infected by the Sohana worm which entered my pc via my flash drive. At that time I was running AVG 8.0, Spybot Search & Destroy, Spyware Guard, and Windows Firewall. AVG did not detect it, I only knew I had an infection when Tea Timer asked me to allow a couple of registry changes. I clicked deny change, and maybe I made a mistake somewhere because the changes were allowed and all of a sudden my Yahoo Messenger flickered and sent foreign language links to my contacts. I also discovered that Task Manager was down. I immediately switched to Safe Mode with networking. I looked around for help and I found a blog with step by step instructions. I found out that I had scvvhsot.exe and blastclnnn.exe in my system. I followed the directions, which suggested that I use the following programs: avast antivirus, Ccleaner, NoobKiller, Autoruns, SuperAntispyware, SDFix and Combofix. I followed all instructions, Noob Killer restored my Task Manager function, avast killed 3 infections, and I found and deleted a scheduled blastclnnn task in Autoruns. After being pronounced clean by avast I changed to Avira Antivir premium which also pronounced my system clean. I used it to clean my flash drive, and it named the infection as Sohana worm (scvvhsot.exe, New Folder.exe). I was careful not to click on anything else which may lead to a reinfection.
My problem now is how to make sure that my system is clean. I realize now that what I did was very risky and could have led to my computer's demise should I have allowed one of those programs to delete an essential program or code. Good thing my computer apparently survived the infection (and my lack of expertise) and that I found this site, if only a little too late.
Hope someone can help me. My current settings are as follows: Windows XP (SP2), Avira Antivir Premium, Spyware Guard, Spybot Search & Destroy, Windows Firewall. And I use Mozilla Firefox as my browser. Thanks in advance!