Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have svchost.exe help me get rid


  • Please log in to reply
1 reply to this topic

#1 SPrince

SPrince

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:34 AM

Posted 07 September 2010 - 04:12 AM

Iam so stressed, I move to uni this week. I have only just bought a notepad. I have spent hours putting things on it like pics etc.

I recieved a warning from windows yesterday. It said abode photoshop was a trojen horse. Now abode I recieved free with the notepad.
My brother does IT at college, I don't know much about computers so I listened to him when he said click on scan online. It all looked legit.
It was 'searching' for the free antivirus programmes that could delete trojen horses.

I downloaded antispy safeguard.. DO NOT DOWNLOAD THIS, IT IS FAKE. IT WILL NOT LET YOU GO ON THE INTERNET, DO CRTL ALT DEL, AND MAKES MANY HIDDEN FILES.
It tried to make me buy their 'programme'

Luckily I have another computer in the house, on there the internet informed me it was fake and what to do.
I managed to delete these files:
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "tmp"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "SelfdelNT"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%UserProfile%\Application Data\antispy.exe"
C/windows/tasks/at1job and at2job and at3job
C/doc+set/myname/localset/temp/86.exe

the one that I can't get rid of is C/doc=set/myname/localset/temp/svchost.exe

Is that all of the files deleted, is this the only one left?
When I try delete it it says: delete of file denied disk not full or write protected and your not using the file
I tried to cut and paste it into the recycle bin but that won't work.
Someone please help! :thumbsup:

BC AdBot (Login to Remove)

 


#2 Driesiooo

Driesiooo

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 07 September 2010 - 06:14 AM

Hello.

I think it's best for your computer, to threat that infection. Just follow the steps on http://www.bleepingcomputer.com/forums/topic34773.html (Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help).

When post your (Hijackthis log +) DDS Log:
  • Do not post it at this topic or this forum but on http://www.bleepingcomputer.com/forums/forum22.html
  • Be patient, it's very busy at this forum.
  • A professional expert will view your logs and will help you with that problem.
  • Do not use tools (like ComoFix) without professional experience/helper.
Good luck.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users