Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 Rayo


  • Members
  • 2 posts
  • Local time:12:19 AM

Posted 18 October 2006 - 10:08 AM

This is Rayo.

System Specifications:
Operating System: Win XP Pro SP2
RAM: 128MB
Processor: P3
Internet connection: No Connection

My computer is infected with SERVICEMGR.EXE. When ever i turn on my computer it also starts the SERVICEMGR.EXE process in the startup. Which makey my computer very slow. All the .exe icons change to SERVICEMGR.EXE.

I tried to to remove the SERVICEMGR.EXE key from the Run, and other folders in Registry and also tried removing the file from c:\windows\system32\ from the safemode. But when i restart the computer the SERVICEMGR.EXE is back again.

It also will not allow many programs. Have run the spyware scan nothing is detected.
Also tried fromating the drive and reinstall OS still the same issue.

Please Guide me to remove this virus manually as i don't have internet connection.


BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,051 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:49 PM

Posted 19 October 2006 - 08:55 AM

Hello Rayo

What type of anti-virus are you using and when was the last time you ran a scan? Have you performed any anti-spyware scans? Have you tried doing your scans in "SAFE MODE".

If so, and that has not helped then your going to need access to another computer (family, friend) with Internet access. Then download the following programs and save to a USB stick or CD:
Sysclean Package.
Virus Pattern Files (lptXXX.zip).
If your running Win XP/2000, download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE".
(This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware). Be sure to print out the AVG Anti-Spyware Install-Scan Instructions.
HijackThis 1.99.1. This is a self-extracting version (hijackthis_sfx.exe) which will automatically install HJT in the proper location if we need to use it.

Transfer all these programs to the infected computer. Install AVG Anti-Spyware following the instructions you printed out but do not perform a scan yet.

For the Sysclean Package do this:
1. Create a new folder on drive "C:\" ("C:\New Folder") and rename it Sysclean.
2. Place the sysclean.com inside that folder.
3. Extract the lptXXX.zip pattern file into the same folder you created for sysclean.com.
4. Close all open applications and DISABLE your current anti-virus software. Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them first.
Note: When using Sysclean its best to use the Administrator's account or an account with Administrative rights otherwise you will not have the rights to scan some locations resulting in Access is denied log entries.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware, following the instructions you printed out for scanning in safe mode.

Then open the Sysclean folder and double-click on sysclean.com to run. It will take some time to complete. Be patient and let it clean whatever it finds.

Scan with DrWeb-CureIt as follows:
1. Double-click on drweb-cureit.exe to start the program.
2. An "Express Scan of your PC" notice will appear. Under "Start the Express Scan Now", Click "OK" to start.
3. Click "Select drives" and then click the "Start/Stop Scanning" button (green arrow on the right) to start.
4. When done a message will be displayed at the bottom advising if any viruses were found.
5. A log file will be created in C:\Documents and Settings\username\DoctorWeb\CureIt.log
6. Any quarantined files will be sent to C:\Documents and Settings\username\DoctorWeb\Quarantine.
7. Exit the program and reboot normally.

Finally, make sure you re-enable your anti-virus program.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users