
SVCHOST32.exe

Discussion in 'Security and Privacy' started by granja, 2003/04/01.

Thread Status:
Not open for further replies.
  1. 2003/04/01
    granja

    granja Inactive Thread Starter

    Joined:
    2003/03/16
    Messages:
    6
    Likes Received:
    0
    DOES ANYONE KNOW HOW TO DELETE THE FOLLOWING VIRUS FILES FROM MY COMPUTER "SVCHOST32.exe" THE FOLDER NAME IS "Litmus "....

    I have tried delete, but it tells me access is denied...
    It keeps coming back though,,, a couple of times I did delete the entire folder, ran a virus check, and it was not there... but as soon as I reboot it appears again.....


    PLEASE HELP!!!


    THANK YOU,,,
     
  2. 2003/04/01
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    you must be using mIRC client?

    based on the creation of the svchost32.exe file, my guess is that you have this trojan (or a variant) residing on your computer.

    check out the tech details and removal instructs and see if any of it applies.

    hth

    :)

    mark
     


  4. 2003/04/04
    granja

    granja Inactive Thread Starter

    Joined:
    2003/03/16
    Messages:
    6
    Likes Received:
    0
    Can't Delete or Quarantine?

    this is the message I get from AntiVirus program...

    Unable to delete the file
    C:\WINNT\litmus\SVCHOST32.exe
    Make sure the file is not write-protected or
    currently in use. On a network, varify that you
    have propper access rights to delete the file.


    Please Help.... what can I do...?????
     
  5. 2003/04/05
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Here it is:

    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.litmus.203.b.html

    print these manual instructions

    download the latest virus defs but do not run

    boot to safe mode

    Do the manual clean as directed

    to ensure it has not parked itself in the temps do the following

    Configure CleanMgr to max settings
    Go to Start-Run and type

    cleanmgr /sageset:1
    The above need only be run once (these settings will be remembered as the default until another sageset is run).

    It will present a menu; select all except compress, then

    Go to Start-Run and type

    cleanmgr /sagerun:1
    As long as /sageset above has been run on this computer, from now on the /sagerun is the only thing that needs to run.

    Then run a full virus scan with norton

    After rebooting back to full mode (if you are now paranoid) just to be sure get a 2nd opinion from one or both of these

    http://www.bitdefender.com/scan/licence.php

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    Mike
     
  6. 2003/04/05
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    the reason i thought the poster might be infected with Backdoor.IRC.Zcrew is because of the creation of the svchost32.exe file... which is what is now on granja's system.

    Backdoor.Litmus.203.b copies itself as %windir%\Random\Svchost.exe.

    i think granja can view the symantec data and determine from the reg entries and other files just what infection exists.

    my other concern is that granja does not have NAV, which changes things around considerably.

    btw, mike, i have been conducting trial installations of KAV on a few operating systems... i really like that program, PLUS it found an archived email from three years ago that was infected with I-Worm.KakWorm, which blew me away because i must have run a thousand scans with NAV since then and no detection was forthcoming.

    :)

    mark
     
  7. 2003/04/05
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    He should look for both!

    KAV huh!

    How is its CPU load? Although Virus protection is primary this is definitely my next concern.

    I'll have a look!

    Thanks Mark.

    Mike
     
  8. 2003/04/06
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    hey mike
    good question. it sucked, to the point that w2k was being bogged down. i uninstalled KAV (actually i restored each os via drive image), and was ready to accept that KAV was incompatible with my systems, but then i was given an idea by a poster on dslreports...

    why not keep NAV as memory resident and just install the scanner component of KAV? excellent idea! <g>

    i went back and reinstalled KAV, this time *not* uninstalling NAV at all (but of course disabling it temporarily during KAV installation), making use of the custom installation feature which offers the choice of making KAV the mem resident or not (KAV calls it Monitor).

    works like a charm!! zero memory load, no conflicts with NAV, let alone the other programs on my machines, and i get the full blown protection of KAV's deep, unpacking engine technology whenever i want to run a scan.

    i couldn't be happier right now, having a back up AV with the reputation of Kaspersky, and being able to keep NAV right where i like it, which for me has been as my main, go-to antivirus program.

    edit in: btw, this is all 30-day full version free trial stuff with KAV... most excellent.

    :)

    mark
     
    Last edited: 2003/04/06
  9. 2003/04/07
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    granja

    regarding your private message....
    first of all, your best chance for problem resolution here is via the main board and not via pm. on the main board, you get the help of many minds. in pm exchange with moi, you may not get the answers you need.

    that said, i would refer you to your own post that says the problem file is svchost32.exe... "DOES ANYONE KNOW HOW TO DELETE THE FOLLOWING VIRUS FILES FROM MY COMPUTER "SVCHOST32.exe "

    yet in the pm, quoted above, you mention trying to stop svchost.exe, which is a legitimate windows service that needs to run.

    next i would advise you to refer to the directions for cleaning that both mike and i linked for you in previous posts. i would say that most, if not all, of what you require should be found there.

    hth

    :)

    mark
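
The distinction drawn in this thread (the genuine svchost.exe versus SVCHOST32.exe in a "litmus" folder, or a Svchost.exe copied outside the system folder) can be checked mechanically. The following is an added example, not part of the original posts; it assumes the genuine file lives in System32 under the Windows directory (C:\WINNT on the poster's machine), and the function names and sample paths are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: the genuine service host is svchost.exe inside
# <SystemRoot>\System32. 64-bit Windows also ships a copy in SysWOW64;
# pass allowed_subdirs=("System32", "SysWOW64") on such systems.
LEGIT_NAME = "svchost.exe"


def classify(path, system_root=r"C:\WINNT", allowed_subdirs=("System32",)):
    """Return 'legitimate', 'masquerade' or 'unrelated' for one file path."""
    # Normalise case, slashes and ".." so lookalike spellings compare equal.
    norm = ntpath.normcase(ntpath.normpath(path))
    folder, name = ntpath.split(norm)
    stem, ext = ntpath.splitext(name)
    if ext != ".exe" or not stem.startswith("svchost"):
        return "unrelated"
    allowed = {
        ntpath.normcase(ntpath.join(system_root, sub)) for sub in allowed_subdirs
    }
    # Only the exact name in the expected folder counts as the real one.
    if name == LEGIT_NAME and folder in allowed:
        return "legitimate"
    return "masquerade"


def flag_masquerades(paths, **kwargs):
    """Return the paths that use the svchost name but are not the real file."""
    return [p for p in paths if classify(p, **kwargs) == "masquerade"]


# Constructed sample listing; the second and third entries mirror the
# locations mentioned in the thread ("Random" stands for a random folder name).
SAMPLE_PATHS = [
    r"C:\WINNT\System32\svchost.exe",
    r"C:\WINNT\litmus\SVCHOST32.exe",
    r"C:\WINNT\Random\Svchost.exe",
    r"C:\WINNT\System32\notepad.exe",
]

if __name__ == "__main__":
    for hit in flag_masquerades(SAMPLE_PATHS):
        print("investigate:", hit)
```

A "masquerade" verdict only says the name and location do not match the genuine file; confirm with an antivirus scan before deleting anything.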
     
  10. 2003/04/08
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9