Virus or Spyware? Would someone please help me!

By cbeal11
While in a transitional period between ISPs I decided to try PeoplePC for 5.99 per month.

Soon after installing it on my computer I received several blue screen warnings (they were bluescreen messages, not system blue screens) regarding spyware; they came from Internet Explorer. After about the fourth warning, I was unable to get online. When you click the Internet Explorer icon, the computer shuts down and upon startup I get a black box that says:

C:\Winnt\system32\svchost.exe
The following command was not found: firewall set allowed program % system root% \system32\scvhost.exe enable. On top of all of this, the computer won't shut down the normal way, I have to shut it down by turning off the power strip.

Does anybody know if this is something that can be fixed or has my computer been destroyed?


All Answers

try to read this...

by theoutlawtorn70 In reply to Virus or Spyware? Would s ...

I hope this will help you,

http://ask-leo.com/svchost_and_svchostexe_crashs_cpu_maximization_viruses_exploits_and_more.html

THANKS SO MUCH FOR YOUR HELP!

by cbeal11 In reply to try to read this...

Hello, Outlaw!

Thanks for getting me started in the right direction! I know what I need to do now only because of you! And I think I can do it! Again, thanks so much and god bless you.

LOVE CHERYL

Unless you have a typo in there...

by boxfiddler Moderator In reply to Virus or Spyware? Would s ...

meaning scvhost.exe instead of svchost.exe in the following lines
"The following command was not found: firewall set allowed program % system root% \system32\scvhost.exe enable." it appears that you could have been infected by the W32/Agobot-S virus. Check out the links below if you can. I have included a link to Symantec's removal instructions.

http://www.symantec.com/security_response/writeup.jsp?docid=2004-051816-5418-99&tabid=3

http://www.processlibrary.com/directory/files/scvhost/

http://www.neuber.com/taskmanager/process/scvhost.exe.html

THANK SO MUCH FOR HELPING ME!

by cbeal11 In reply to Unless you have a typo in ...

I don't know what I would do without the kindness of people like you!!! Thanks so much for helping me. I understand what's going on now and what I have to do. I just can't say thank you enough!!

LOVE CHERYL

your computer is not destroyed...

by operator1 In reply to Virus or Spyware? Would s ...

hi.
svchost is service host from Microsoft and that's OK. Problem is that you could rename ANY program to svchost (I did it with netcat), run it, and in the process list of Task Manager you would see svchost running and not netcat. Who knows, maybe in this case it even runs under the system account, I didn't check that (yet). So I guess in your case it can be anything running. And probably your computer won't shut down because this thing wants to stay active.
Try to use System Restore and try to use a date before you installed that PeoplePC. You can also go to the DOS prompt and type "sfc /?" to see how to use System File Checker. You also have the "tasklist" and "taskkill" commands. From tasklist you try to find the PID of your SCVHost and you kill it with "taskkill PID". This way you will kill it ONLY in the current session.
Since it is probably a trojan of some kind, it is for sure in the registry.
Then go to Start->Run and type regedit.
Once inside, search the registry for scvhost, since these things mostly install to various startup and run keys in the registry so they run with the system. Mostly, but not limited to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (check all run keys)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (check all run keys)
and in all corresponding keys in HKEY_USERS. You follow the same pattern from the above keys to get to Run of each user.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
THIS IS HOW I WOULD DO IT MANUALLY. BE CAREFUL WHEN EDITING THE REGISTRY AND READ MORE ABOUT IT BEFORE YOU MAKE CHANGES. If you don't want to bother, install another browser (don't import any settings from Internet Explorer), go to the web and use something like Spybot S&D (http://www.spybot.info/).
Or finally reinstall Windows and forget about it.
Hope you will find a solution that fits you.
BYE
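
The two checks raised in the replies above (a lookalike name such as scvhost.exe, and a program renamed to svchost.exe but running from another folder), written out as an added Python example that is not part of the thread or any poster's code. The sample entries are constructed, `C:\Winnt` as system root is taken from the path in the question, and the function names are hypothetical.

```python
import ntpath

LEGIT = "svchost.exe"

def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (scv/svc) as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def image_path(command):
    """Extract the executable path from a Run value or process command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def classify(command, system_root=r"C:\Winnt"):
    path = ntpath.normpath(image_path(command))
    name = ntpath.basename(path).lower()
    if name == LEGIT:
        # The real name is only trustworthy inside %SystemRoot%\system32.
        expected = ntpath.join(system_root, "system32").lower()
        return "ok" if ntpath.dirname(path).lower() == expected else "wrong-location"
    # One or two edits away from svchost.exe: a typo-style masquerade.
    return "lookalike-name" if osa_distance(name, LEGIT) <= 2 else "ok"

# Constructed sample entries (source, command line); not taken from the thread.
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = [
    ("process list", r"C:\Winnt\system32\svchost.exe -k netsvcs"),
    (RUN, r"C:\Winnt\system32\scvhost.exe"),
    (RUN, r'"C:\Documents and Settings\user\svchost.exe" /background'),
    (RUN, r"C:\Program Files\Example\updater.exe"),
]

def flagged(entries):
    return [(src, cmd, v) for src, cmd in entries if (v := classify(cmd)) != "ok"]

if __name__ == "__main__":
    for src, cmd, verdict in flagged(SAMPLE):
        print(f"{verdict:15} {src}: {cmd}")
```

On a machine whose system root is not `C:\Winnt`, pass the actual value as `system_root`, otherwise the genuine svchost.exe is reported as wrong-location.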

THANKS SO MUCH OPERATOR 1!

by cbeal11 In reply to your computer is not dest ...

Dear Operator1

I can't thank you enough for your help. I have not had a chance to get started working on this thing yet, but I will let you guys know how it turns out. I am sure with guys like you operator1, and the others that are coaching me and giving me all of this excellent advice, I will be able to clean up the virus!

I can't thank you enough, you have been so helpful! thanks again, I will let you know how it turns out, I'm sure it will be fine.

Cheryl

just let us know how it went...

by operator1 In reply to Virus or Spyware? Would s ...