Computer viruses: description, prevention, and recovery Exclusive to Sho.
#5
Posted 14 August 2008 - 09:02 PM
Quote
svchosts.exe
svchosts.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.
The svchosts.exe file is installed and used by SpyGraphica
SpyGraphica Description:
SpyGraphica is a commercial PC surveillance application that logs keystrokes and takes screenshots of user activity. It sends gathered data to a configurable e-mail address. SpyGraphica must be manually installed. It automatically runs on every Windows startup.
svchosts.exe Manual Detection
Below are manual removal instructions for svchosts.exe so you can remove the unwanted file from your PC. Always be sure to back up your PC before you modify anything.
Step 1: Use Windows File Search Tool to Find svchosts.exe Path
1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the file name" section, type in "svchosts.exe" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "svchosts.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete svchosts.exe in the following manual removal steps.
Step 2: Use Windows Task Manager to Remove svchosts.exe Processes
1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for "svchosts.exe" process by name.
3. Select the "svchosts.exe" process and click on the "End Process" button to kill it.
Step 3: Detect and Delete Other svchosts.exe Files
1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's contents, including hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for, type in del "name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "svchosts.exe" process and click on the "End Process" button to kill it.
if it waz scvhosts.exe, chk my reply 2 dis topic http://www.studentshangout.com/index.php?s...=107989&hl=
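Added example (not part of the original posts): svchosts.exe and scvhosts.exe are both one or two keystrokes away from the genuine svchost.exe, so a name check has to compare against the real name and the folder it should load from. The allow-list, the distance threshold of 2 and the sample paths below are assumptions made for this sketch.

```python
import ntpath

# Assumption: genuine names and their default folder; extend for your systems.
# Short names (smss.exe, lsass.exe) collide at distance 2, so list every real
# name you expect before trusting a "look-alike" verdict on them.
SYSTEM32 = r"c:\windows\system32"
KNOWN = {n: SYSTEM32 for n in
         ("svchost.exe", "rundll32.exe", "winlogon.exe", "services.exe")}

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap neighbours."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(image_path, max_distance=2):
    """Return (verdict, matched_genuine_name) for one full image path."""
    folder, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        verdict = "ok" if folder == KNOWN[name] else "genuine name, unexpected folder"
        return verdict, name
    for real in KNOWN:
        if edit_distance(name, real) <= max_distance:
            return "look-alike name", real
    return "unknown", None

# Constructed sample paths; the misspelt names are the two from this post.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svchosts.exe",
    r"C:\WINDOWS\scvhosts.exe",
    r"C:\Documents and Settings\user\svchost.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(f"{path} -> {classify(path)}")
```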
#8
Posted 19 August 2008 - 03:07 PM
Types of Computer Viruses
Boot Sector viruses: A boot sector virus infects diskettes and hard drives. All disks and hard drives contain smaller sections called sectors. The first sector is called the boot. The boot carries the Master Boot Record (MBR). MBR functions to read and load the operating system. So, if a virus infects the boot or MBR of a disk, such as a floppy disk, your hard drive can become infected, if you re-boot your computer while the infected disk is in the drive. Once your hard drive is infected all diskettes that you use in your computer will be infected. Boot sector viruses often spread to other computers by the use of shared infected disks and pirated software applications. The best way to disinfect your computer of the boot sector virus is by using antivirus software.
Program viruses: A program virus becomes active when the program file (usually with extensions .BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is opened. Once active, the virus will make copies of itself and will infect other programs on the computer.
Multipartite viruses: A multipartite virus is a hybrid of a Boot Sector and Program viruses. It infects program files and when the infected program is active it will affect the boot record. So the next time you start up your computer it'll infect your local drive and other programs on your computer.
Stealth viruses: A stealth virus can disguise itself by using certain tactics to prevent being detected by antivirus software. These tactics include altering its file size, concealing itself in memory, and so on. This type of virus is nothing new, in fact, the first computer virus, dubbed Brain, was a stealth virus. A good antivirus should be able to detect a stealth virus lurking on your hard drive by checking the areas the virus infected and evidence in memory.
Polymorphic viruses: A polymorphic virus acts like a chameleon, changing its virus signature (also known as binary pattern) every time it multiplies and infects a new file. By changing binary patterns, a polymorphic virus becomes hard to detect by an antivirus program.
Macro Viruses: A macro virus is programmed as a macro embedded in a document. Many applications, such as Microsoft Word and Excel, support macro languages. Once a macro virus gets on to your computer, every document you produce will become infected. This type of virus is relatively new and may slip by your antivirus software if you don't have the most recent version installed on your computer.
Active X and Java Control: Some users do not know how to manage and control their web browser to allow or prohibit certain functions to work, such as enabling or disabling sound, pop ups, and so on. This leaves your computer in danger of being targeted by unwanted software or adware floating in cyberspace.
reply even if u dint lyk my posts :p
#11
Posted 29 August 2008 - 10:36 PM
#12
Posted 29 August 2008 - 11:00 PM
Quote
The viruses affecting your computer are seete.exe and smfelf.dll I think thunder :huh: and both are so new and active that most antiviruses don't even recognise them :p
here is sum info abt dat bro.. :p
Process Name Process Filename Main Module Size
seete.exe %Temp%\seete.exe 94,208 bytes
smfelf.dll %System%\smfelf.dll Process name: IEXPLORE.EXE
You can get rid of seete.exe by ending its process in the task manager and then manually deleting it from the %temp% folder.
smfelf.dll launches with the help of the task explorer.exe.
You can use this technique to delete the virus.
Quote
2. Close all open programs.
3. You now need to close EXPLORER.EXE. The proper way to shutdown Explorer is to raise the "Shut Down Windows" dialog (select "Shut Down..." from the start menu), hold down CTRL+SHIFT+ALT and press the CANCEL button. Explorer will exit cleanly.
Note: The <CTRL+SHIFT+ALT> at the 'Shut Down Windows' dialog method of closing Explorer is built into Explorer. (It was specifically designed so that developers writing Shell Extensions could get Explorer to release their Shell Extension DLLs while debugging them).
4. Go back to the Command Prompt window and change to the directory where the undeletable file is located in. At the command prompt type DEL <filename> where <filename> is the file you wish to delete.
5. Go back to Task Manager, click File, New Task and enter EXPLORER.EXE to restart the GUI shell.
6. Close Task Manager.
I hope this did the job dude. If any more problems arise, please let me know.
#16
Posted 02 September 2008 - 04:47 PM
#17
Posted 02 September 2008 - 06:12 PM
shahrukhforu, on Sep 2 2008, 04:47 PM, said:
ur system is affected wid backdoor-ss. It makes the job of hackers vry easy 2 access ur system...better del it soon dude :p
Backdoor-SS
Overview -
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Aliases
Backdoor.LittleWitch
Backdoor.LittleWitch.B (Symantec)
Characteristics -
This threat is a Low risk and Profiled in the following Tech Live article Wicked Code Emerges for Halloween.
There are many variants of this remote access trojan. This description is meant to be a guide. When this trojan is run it may copy itself to the WINDOWS SYSTEM (%SysDir%) directory as Rundll.exe. The following registry key is created to load the trojan at startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Rundll=Rundll.exe
Other registry keys may include:
HKEY_CURRENT_USER\Software\Msn\Date=%Date_Run%
HKEY_LOCAL_MACHINE\Rundll=Rundll.exe
The trojan sends an ICQ pager notification to the author/configurator. This provides the attacker with the necessary information to connect to the compromised system remotely. A .DAT file is created to store trojan information, %WinDir%\usr.dat.
Once infected, a remote attacker can connect to the compromised system to perform various tasks, such as:
Chat
FTP functions
Retrieve logged keystrokes
Retrieve cached passwords
Open/close CD-ROM door
Retrieve configured email account information
Retrieve system information (CPU speed, RAM, Drive space, etc)
Open a remote command console
Swap mouse buttons
Open URLs
Hide/Show
Kill processes
Change screen resolution
Capture screen shots
Play sounds
Shutdown/restart Windows
Symptoms -
TCP Port 31,320 being left opened.
Method of Infection -
Trojans often come disguised as a desired program, but they do not propagate on their own. Once the trojan is run, it installs itself on the local system, and allows a remote attacker to perform various functions.
Manual Removal Instructions
Delete the registry key(s) as mentioned above
Information on deleting registry keys
Restart the computer
Delete the files mentioned above
if dis dint work, try starting ur pc in safe mode n thn use registry mechanic 2 repair ur registry :p
i hope dis worx dude..if u hav any prob abt dis...do lemme noe
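Added example (not part of the original posts): before deleting anything, the startup entry described above can be confirmed from a text export of the registry (regedit's File > Export). The sketch parses that export format and reports autorun values that match the described Rundll=Rundll.exe entry, or that launch a command with no directory; the second rule is a triage heuristic assumed here, and the sample export is constructed.

```python
import ntpath
import re

AUTORUN_SUFFIXES = tuple("\\currentversion\\" + k for k in
                         ("run", "runonce", "runservices", "runservicesonce"))
# Value name and data from the write-up above, lower-cased for comparison.
PAGE_INDICATOR = ("rundll", "rundll.exe")

# Constructed sample in regedit's export format (not from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="upd.exe /s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Rundll"="Rundll.exe"

[HKEY_CURRENT_USER\Software\Example\Settings]
"Rundll"="Rundll.exe"
'''

# "name"="data" where backslashes and quotes inside either part are escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)

def autorun_findings(reg_text):
    """Return [(key, value_name, data, reason)] for autorun values to review."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(AUTORUN_SUFFIXES):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if (name.lower(), data.lower()) == PAGE_INDICATOR:
            findings.append((key, name, data, "matches described entry"))
        elif not ntpath.dirname(data.strip('"').split(" ")[0]):
            findings.append((key, name, data, "no directory in command"))
    return findings

if __name__ == "__main__":
    for finding in autorun_findings(SAMPLE_REG):
        print(finding)
```

Real exports are UTF-16 encoded, so open them with `encoding="utf-16"` before passing the text in.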
