Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Srvklw32.exe


  • Please log in to reply
4 replies to this topic

#1 reynald

reynald

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 11 July 2010 - 08:09 PM

I thought Iíd post a report on a nasty bug Iíve spent most of the day on. My PC (WinXP) started acting up -- apps crashing, general slowdown. I ran MSCONFIG and found 3 unfamiliar entries in my Startup section. I unchecked them and rebooted, but one of them, srvklw32.exe, reappeared. I terminated its process using Task Manager and then ran HijackThis (1.99.1). Srvklw32.exe turned up in the scan, but HJT said it couldnít fix it and said I needed to terminate it using Task Manager first. But Iíd already done that.

So I ran Process Explorer and discovered srvklw32.exe was also attached to an instantiation of svchost.exe. Unfortunately, terminating that process caused the PC to shut down. Clever malware programmer.

I eventually rebooted in Safe Mode (command prompt) and was able to delete srvklw32.exe from my Startup folder. I think that killed it, but it did some collateral damage -- e.g., Google Chrome crashes with a "failed to initialize" error; reinstalling it didnít help. Fortunately, Firefox works. Iíll continue to monitor for damage. Just thought Iíd share my experience. This malware completely bypassed my AV (Fix-It Utilities 10 Pro).

UPDATE: I restored a 4-day-old Recovery Commander checkpoint (Fix-It's version of system restore), and now Chrome runs OK. Nor have I noticed any other lingering effects of the infection (knock on wood...).

Edited by reynald, 11 July 2010 - 10:48 PM.


BC AdBot (Login to Remove)

 


#2 zwpgangster

zwpgangster

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 12 July 2010 - 09:30 AM

Hello reynald,

I have the same problem and i have done it differently.

1 - Go to Start - Run - msconfig - startup - uncheck srvklw32.exe (restart your computer later)

2 - Kill all proseses svchost.exe. (Use cmd with the command shutdown-a to not quit. Otherwise, they come back)

3 - Delete the file by using cmd: del C:\Documents and Settings\YOUR-NAME\Start Menu\srvklw32.exe

4 - Reboot your PC and then it is gone.


U dont have any problems with Google Chrome or firefox!!

Greetz Mick

#3 ccsfresno

ccsfresno

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 18 July 2010 - 02:06 PM

After using SEP, Malwarebytes, IObit 360, ccleaner (removed a ton of stuff) I still had this particular bug left.
Using this procedure I removed it in less than 5 minutes.
Thank you very much for the direct and accurate description for removal.

#4 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:03:45 AM

Posted 18 July 2010 - 05:00 PM

A few pieces of advice for you folks. One, use Win patrol to monitor your startup entries since it is more reliable than msconfig. Tow, never touch anything made by IObit! Good work though, guys!

Regards,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#5 traveler21

traveler21

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 19 July 2010 - 02:02 PM

Hello reynald,

I have the same problem and i have done it differently.

1 - Go to Start - Run - msconfig - startup - uncheck srvklw32.exe (restart your computer later)

2 - Kill all proseses svchost.exe. (Use cmd with the command shutdown-a to not quit. Otherwise, they come back)

3 - Delete the file by using cmd: del C:\Documents and Settings\YOUR-NAME\Start Menu\srvklw32.exe

4 - Reboot your PC and then it is gone.


U dont have any problems with Google Chrome or firefox!!

Greetz Mick


I know that for most people on here this makes sense...but I'm really computer illiterate....I cannot seem to follow these directions....would someone please rewrite these in a way that someone with my lack of computer knowledge can understand? Thank you so much....this problem is just killing my computer.

Deb




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users