The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

SVCHOST Virus !!

Posted 2/3/2010 5:48 PM
#82600
User avatar

hazem Member

Date Joined Nov 2016
Total Posts: 1
I think I am having a SVCHOST Virus since I get an error message that says : " windows cannot find c:\documents and settings\locals\temp\svchost.exe "
this is my hijackthis log
plz help me
Post attachments:
Posted 2/23/2010 3:22 PM
#83180
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
if your problem still exisst.
post a combofix logfile:
https://www.bleepingcomputer.com/combofix/how-to-use-combofix
Posted 4/23/2011 3:07 PM
#91412
User avatar

Helder Member

Date Joined Nov 2016
Total Posts: 2
That sounds like registry has the entry call up that virus which apparently is no longer in the Temp folder, use a registry cleaner and it should get rid of that message unless you can find it yourself in the Registry and delete it. Use TFC to clear out all Temp Folder contents just to be sure there is nothing in there https://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/ .
Posted 6/26/2011 7:12 AM
#91759
User avatar

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
As already mentioned it's the loading point that is still calling for the bad file to load hence the error. Fixing the entries in Hijackthis should stopped the error.

Run Hijackthis again and fix these entries in Hijackthis:

F3 - REG:win.ini: load=C:\DOCUME~1\7azem\LOCALS~1\Temp\svchost.com
F3 - REG:win.ini: run=C:\DOCUME~1\7azem\LOCALS~1\Temp\svchost.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\fdisk.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [HotKey] C:\Documents and Settings\7azem\Templates\cache\vmx.exe
O4 - HKLM\..\Run: [User Agent] C:\WINDOWS\system32\fdisk.com
O4 - HKCU\..\Run: [HotKey] C:\Documents and Settings\7azem\Templates\cache\vmx.exe
O4 - HKCU\..\Run: [User Agent] C:\DOCUME~1\7azem\LOCALS~1\Temp\svchost.com


Then run ComboFix as already suggested or run MalwareBytes and do a quick scan. Post the logs please.
Malwarebytes
https://www.malwarebytes.org/mbam-download.php
* You may pm me if you're still waiting for my follow-up post.
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Thursday, July 7, 2022, 12:56 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,684 registered members. Please welcome our newest member, james44.
65 Guest(s), 0 Registered Member(s) are currently online.