always create SVCHOST32.exe


Justus

My PC always creates SVHOST32.exe under the WINNT/Download folder.
I've tried to delete it using HijackThis, but it doesn't seem to work at all.
There is also some strange Rundll32 under the WINNT/Down folder.
Does any expert here know how to solve these problems?
Thanks in advance
Jongky
 
From: "Justus" <[email protected]>

| My PC always creates SVHOST32.exe under the WINNT/Download folder.
| I've tried to delete it using HijackThis, but it doesn't seem to work at all.
| There is also some strange Rundll32 under the WINNT/Down folder.
| Does any expert here know how to solve these problems?
| Thanks in advance
| Jongky
|

You are infected.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Have you cleaned out ALL your Temporary File areas?
Then remove the file svchost32.exe.
 
Dear Dave,

I'm running on Win2K, does it have a system restore as well?
I can't find it.
Thanks
Jongky
 
Dear Dave,

Both Trend Micro and Sophos failed to clean and move the virus.
The viruses are:

- Program Files/Common files/Microsoft shared/MSinfo/Syrema.exe, Syremc.exe,
Syremd.exe, Syremf.exe
- Winnt/download/Svchost32.exe
- Winnt/down/rundll32.exe
 
From: "Justus" <[email protected]>

| Dear Dave,
|
| Both Trend Micro and Sophos failed to clean and move the virus.
| The viruses are:
|
| - Program Files/Common files/Microsoft shared/MSinfo/Syrema.exe, Syremc.exe,
| Syremd.exe, Syremf.exe
| - Winnt/download/Svchost32.exe
| - Winnt/down/rundll32.exe
|

There is NO System Restore cache in Win2K as there is in WinXP and WinME.

So the infected files are...
Syremc.exe
Syremd.exe
Syremf.exe
Svchost32.exe
rundll32.exe

Please read the included PDF Help File. In it you will read about the included process
killer and the file C:\AV-CLS\killproc.txt.

The objective will be to append the above five named EXE files to the list in that file and
then run the scanners again.

You can edit the file; C:\AV-CLS\killproc.txt when you run the Multi AV Scanning Tool and
when you see the menu hit the letter 'E' (or 'e').
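
Added example, not part of the original thread or of the Multi_AV tool: a name-and-location triage for the kind of files reported above, where a genuine Windows binary name (rundll32.exe) sits outside system32 or a file imitates one (Svchost32.exe). The C: drive letter, the list of system binaries, the trusted folder and the 0.8 similarity cutoff are assumptions, and the sample paths are constructed from the locations named in the posts.

```python
import difflib
from pathlib import PureWindowsPath

# Assumption: genuine Windows binaries whose names the reported files imitate.
SYSTEM_BINARIES = {"svchost.exe", "rundll32.exe"}
# Assumption: Windows 2000 default install root; genuine copies live under system32.
WINDOWS_ROOT = r"C:\WINNT"
TRUSTED_SUBDIRS = ("system32",)

def _base(stem):
    """Drop trailing digits so 'svchost32' and 'rundll32' compare by their word part."""
    return stem.rstrip("0123456789")

def classify(path, windows_root=WINDOWS_ROOT):
    """Return 'ok', 'misplaced', 'lookalike' or 'unrelated' for one executable path."""
    p = PureWindowsPath(path.lower())
    root = PureWindowsPath(windows_root.lower())
    if p.name in SYSTEM_BINARIES:
        for sub in TRUSTED_SUBDIRS:
            trusted = (root / sub).parts
            if p.parent.parts[:len(trusted)] == trusted:
                return "ok"
        return "misplaced"  # genuine name, but not in a trusted folder
    known = {_base(PureWindowsPath(n).stem) for n in SYSTEM_BINARIES}
    if difflib.get_close_matches(_base(p.stem), known, n=1, cutoff=0.8):
        return "lookalike"  # near-copy of a system binary name
    return "unrelated"

def triage(paths):
    """Return only the paths that deserve a closer look, with their verdicts."""
    verdicts = {p: classify(p) for p in paths}
    return {p: v for p, v in verdicts.items() if v in ("misplaced", "lookalike")}

# Constructed sample: locations named in the thread plus genuine files for contrast.
SAMPLE = [
    r"C:\WINNT\system32\svchost.exe",
    r"C:\WINNT\system32\rundll32.exe",
    r"C:\WINNT\Download\Svchost32.exe",
    r"C:\WINNT\Download\SVHOST32.exe",
    r"C:\WINNT\down\rundll32.exe",
    r"C:\Program Files\Common Files\Microsoft Shared\MSInfo\Syrema.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:10} {path}")
```

A name check like this says nothing about files such as Syrema.exe, whose names imitate no system binary; those still depend on the scanner results.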
 