c:\windows\system32\svchost.exe Rootkit ;-(
REDACTED:
Pierre Bulle, congratulations!

By following your advice, I managed to avoid reinstalling Windows for the umpteenth time.

Franck :)
TAG:
Pierre Bulle.
I must say that I had the same problem on June 3 and have been tearing my hair out for 48 hours. After wasting my time setting up another machine so that I could work, I read your posts carefully and I admit I carried out your procedure, and as if by magic the machine is working normally again.
I am on XP SP1. I followed your procedure in normal mode and everything is OK (I have not yet reconnected the network and web connections). One thing is certain: I am dropping AVAST and sending an e-mail to all my contacts to warn them about the problem!
Many thanks.
xxxxxxxxxxxxxxxxxxxxxx
The only thing is that, to copy your svchost.exe, I did not have access to Ctrl+Alt+Del ... so I went through Start - Run, typed "CMD" and then ran the command you give, copy e:\svchost.exe c:\windows\system32, given that my CD drive is e:
Thanks again.

For our "English-speaking friends"
Thanks to you for your help. I have followed all your information and my computer works normally.
I copied the svchost.exe using the Start - Run window: CMD (return), then "copy e:\svchost.exe c:\windows\system32". Then I clicked on all the reg files.
Just be informed that I did it in normal mode with XP Pro SP1.
One thing is sure: I am stopping avast!
Thanks again
(sorry for my poor English from France!)
PiotrW:
Well, the patches didn't work for me. I used the Russian patch, I also ran WinSocksFix... and my Internet connection is still down!

Any other advice, people..?
igor:
Knowledgebase articles for French and Russian OS have been posted on support.avast.com.
So, if you are affected, please check here.
polonus:
Hi malware fighters,

A method to repair this, if this does not cure all problems try:
Verify Windows Update Service Settings

    * Click on Start, Run and type the following command in the open box and click OK

      services.msc

    * Find the Automatic Updates service and double-click on it.
    * Click on the Log On Tab and make sure the "Local System Account" is selected as the logon account and the box for "allow service to interact with desktop" is UNCHECKED.
    * Under the Hardware Profile section in the Log On Tab, make sure the service is enabled.
    * On the General Tab, the Startup Type should be Automatic, if not, drop the box down and select Automatic.
    * Under "Service Status" on the General tab, the service should be Started, click the Start button to enable it.
    * Repeat the steps above for the service "Background Intelligent Transfer Service (BITS)"

Re-Register Windows Update DLLs

    * Click on Start, Run, and type CMD and click ok
    * In the black command window type the following command and press Enter

      REGSVR32 WUAPI.DLL

    * Wait until you receive the "DllRegisterServer in WUAPI.DLL succeeded" message and click OK
    * Repeat the last two steps above for each of the following commands:

      REGSVR32 WUAUENG.DLL
      REGSVR32 WUAUENG1.DLL
      REGSVR32 ATL.DLL
      REGSVR32 WUCLTUI.DLL
      REGSVR32 WUPS.DLL
      REGSVR32 WUPS2.DLL
      REGSVR32 WUWEB.DLL

Remove Corrupted Windows Update Files

    * At the command prompt, type the following command and press Enter

      net stop WuAuServ

    * Still at the command prompt, type the following command and press Enter

      cd %windir%

    * In the opened folder, type the following command and press Enter to rename the SoftwareDistribution folder

      ren SoftwareDistribution SD_OLD

    * Restart the Windows Update Service by typing the following at the command prompt

      net start WuAuServ

    * Type Exit and press Enter to close the command prompt

Reboot Windows

    * click on Start, Shut Down, and Restart to reboot Windows XP

Disable system protection and then run the System File Checker (sfc.exe); this will scan all protected Windows files to verify that their versions have not been overwritten or damaged, and if so will replace the compromised version with a fresh copy. To run it, click Start/Run and type 'sfc.exe /scannow' (without the quotes but with the space between the 'e' and the '/'). Alternatively, you can click Start/Run, type in CMD and click OK; when the black window opens, type in "sfc /scannow". You will need to insert your Windows CD into the drive to enable sfc to effect the repair. Sfc.exe will just stop without any other sign than that the status bar is gone! And remember, never ever delete svchost.exe again, do not even think about it.


Damian
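
The Windows Update repair steps from the post above, collected into one Windows XP batch file. This is an added example, not part of the original post; the SD_OLD existence check and the use of regsvr32's silent switch with an exit-code check are choices made here, and the script assumes it is run from an administrator account.

```batch
@echo off
rem Added example: not from the original forum post.
setlocal

rem 1. Both services should start automatically. "sc qc" prints the
rem    logon account (SERVICE_START_NAME) and service type so the
rem    Log On settings described in the post can be checked by eye.
for %%S in (wuauserv BITS) do (
    sc config %%S start= auto
    sc qc %%S
)

rem 2. Re-register the Windows Update DLLs listed in the post.
rem    /s suppresses the "succeeded" dialog, so the exit code is
rem    tested instead; a missing DLL is reported and the loop goes on.
for %%D in (WUAPI WUAUENG WUAUENG1 ATL WUCLTUI WUPS WUPS2 WUWEB) do (
    regsvr32 /s %%D.DLL
    if errorlevel 1 echo FAILED to register %%D.DLL
)

rem 3. Set the download cache aside while the service is stopped.
rem    An SD_OLD left over from an earlier run is not overwritten.
net stop wuauserv
cd /d %windir%
if exist SD_OLD (
    echo SD_OLD already exists, leaving SoftwareDistribution in place.
) else (
    ren SoftwareDistribution SD_OLD
)
net start wuauserv
net start BITS

endlocal
rem 4. Reboot, then run "sfc /scannow" with the Windows CD in the drive.
echo Done. Reboot Windows, then run sfc /scannow as described above.
```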