c:\windows\system32\svchost.exe Rootkit ;-(

[Dmitrii]

There is an information that installation of SP3 helps.

[Dmitrii]

Hi,  all !!!

I repaired my machines by this way:

1. Your must be an administartor on your computer (for work whith registry, to open flashdrive whith files)
2. If nothing work (copy, paste, your have about 18 services (in control panel-administration-services) instead about 60-70) then take:  http://rapidshare.com/files/120043843/avast.rar   and run everything from it.

Attention!!! This archive contain svchost.exe from russian Win XP, i'm not sure that it will work in your system, insert there svchost.exe from your system.
Reboot. The system must work for 90% (some services still not work)
3. I have russian WinXP, in English it must be:  Programs\Standart\services?\system restore (restore system?) and you can restore system to previous check point. I made to 2 june 2008. 
many people don't know or forgot about this option in XP. (the hidden folder 'System Volume Information' on each drive exactly for it)
Good luck!

p.s. If this option is disabled in your system (it enabled by default in WinXP) then it's bad. Try another way's. May be installation SP3.

[Dmitrii]

polonus, your are not right

1. many people just a users and does't know this things.
2. of course system admins must to know it, but they can have many machines whith many users and can't talk it to everybody.
3. I know many places where Avast! did it whithout the questions.

Sorry, it's your mistake guies.

It's the second situation in my practice. (The first was with user32.dll. I just restored it, but i know peoples who reinstall the system)

But i like Avast! all the same !!!

But i don't know will my boss let me buy it to another year? (we have 50 machines)

[PiotrW]

As I wrote in my own thread, I suffered from Avast's mistake, too.

To good people making Avast: sorry, guys, but you really *owe* us an explanation. I understand that no program is perfect, other programs suffer from FPs too. But as you see, really a lot of people were affected by Avast's mistake. That really warrants some official comment on your side - only if to say "Sorry, we're not screw up again".

And Polonus - you really can't expect all Avast users to be proficient in computer matters. Heck, I'm not green to those things myself, but I still managed to get fooled by Avast. So, "You should've checked the forum before doing anything" is *not* a right answer.

And BTW. I'd really be helpful if someone adviced me how to get my Internet connection back online...

[fonzy44]

Hi,

I think the best thing Avast has to do for the future, is to add an UNDO function in Avast, at least for last operation, so any user facing this kind of problem, and what will be his computer level, will be able to "repair" his computer himself.

But from now, avast doesn't communicate about this problem, and the more stupid thing is that on their main website page their put a disinformation about selling a false antivirus, but none about any tutorial to help user restoring their system ... 

Ok, now Avast team will do anything or he will loose many customers cause if there is no change on the mainpage of your website, I will give this information on all computer press website I know.

And remember, that what will happens will be the result of your silence.

[kostik]

Je comprends pas mais le rar ne fonctionne pas non plus
J'ai mis l'autoextractible sur megaupload

http://www.megaupload.com/fr/?d=DWCFOOBF

Je l'ai chargé et la ca marche

Salut Pierre,

Comment tourne exactement ton correctif ?
comme tu le sais sûrement, la fonction copier/coller est devenue inopérante avec ce souci, de même que la connexion à Internet.
Aussi, est-il possible de graver ton correctif sur CD et de l'executer à partir du CD sur la machine infectée ?

Merci.

[Dmitrii]

fonzy44

The UNDO function is present in XP yet !
The system make incremental points at any critical changes.
Just run restoration, there will be a calendar, choose a day before 3 june and press restore. Win will be rollbacked to previouse state!

It's a cool gymnastic to my brain to print in english Sorry for mistakes

[kostik]

Hi,  all !!!

I repaired my machines by this way:

[/size]

1. Your must be an administartor on your computer (for work whith registry, to open flashdrive whith files)
2. If nothing work then take:  http://rapidshare.com/files/120043843/avast.rar   and run everything from it. Reboot. The system must work for 90% (some services still not work)
3. I have russian WinXP, in English it must be:  Programs\Standart\services?\system restore (restore system?) and you can restore system to previous check point. I made to 2 june 2008.  And everything works !!!!
many people don't know or forgot about this option in XP. (the hidden folder 'System Volume Information' on each drive exactly for it)
Good luck!

p.s. If this option is disabled in your system (it enabled by default in WinXP) then it's bad. Try another way's. May be installation SP3.

Hi Dmitrii,

when you say "if nothing work"...what do you mean ?
Bcause...on my computer, Internet is dead, Cut & paste is impossible, no quick launch bare, etc etc. So, do you considere that "nothing work" on my computer ? Must I download http://rapidshare.com/files/120043843/avast.rar   ? However, seen that the corupted computer has no longer access to the web, i must download it on my second computer, burn it, and execute it from the CD on my corupted computer (bcause cut&paste impossible). Is this ok ? Is possible the execution from CD ?

Tks

[fonzy44]

Hi,

I don't speak about an UNDO function inside XP as some users has disabled this functionality, but an UNDO function inside Avast, which should be able to undo any operation as ... restoring some registry keys it has deleted ...

Fonzy.

[Dmitrii]

kostic  Ты по русски не можешь случайно? (Do you understand russian? I mean your nik.)
Yes i exactly mean your case.

Download archiv from another computer.
You can copy it to your machine due to flashdrive or CD.(i made by flashdrive)
The archive containes .bat file which copy svchost to windows\system32 and 3 .reg files which contains registry entries which allows services whith svchost to startup. After that you will take semi-worked system whith main services. But something doesn't work(for example my machine doesn't see other computers in domain, etc.)

After that you can to run system restore.  I have no english WinXP near, it's in Programs\standart\Services?\.

Regards

[kiwoui]

Je comprends pas mais le rar ne fonctionne pas non plus
J'ai mis l'autoextractible sur megaupload

http://www.megaupload.com/fr/?d=DWCFOOBF

Je l'ai chargé et la ca marche

Salut Pierre,

Comment tourne exactement ton correctif ?
comme tu le sais sûrement, la fonction copier/coller est devenue inopérante avec ce souci, de même que la connexion à Internet.
Aussi, est-il possible de graver ton correctif sur CD et de l'executer à partir du CD sur la machine infectée ?

Merci.

Bonjour tout le monde,

L'archive en téléchargement à résolu tous les problemes
(il suffit de double cliquer sur tous les fichiers qui en font parti)

French guys are the best !

[Dmitrii]

Best weshes to french guys !!! 

But unfortunately i don't understand his posts 

 

[Boglen]

Dmitrii эти пендосы деревянные как пробка 
Я вот не додумался проверить, аваст убивает только одну версию свчоста или любую.
Может так статься что твой комплект поставят на рабочую станцию с немного другой версией системы и тогда все окончится bsod ом..

[Dmitrii]

fonzy
Your are right, the chest must restore not only files, but registry entries too, if they been modified.

[kostik]

Je comprends pas mais le rar ne fonctionne pas non plus
J'ai mis l'autoextractible sur megaupload

http://www.megaupload.com/fr/?d=DWCFOOBF

Je l'ai chargé et la ca marche

Salut Pierre,

Comment tourne exactement ton correctif ?
comme tu le sais sûrement, la fonction copier/coller est devenue inopérante avec ce souci, de même que la connexion à Internet.
Aussi, est-il possible de graver ton correctif sur CD et de l'executer à partir du CD sur la machine infectée ?

Merci.

Bonjour tout le monde,

L'archive en téléchargement à résolu tous les problemes
(il suffit de double cliquer sur tous les fichiers qui en font parti)

French guys are the best !

Tu fais cela en mode sans échec ?
La seule manip consiste à double cliquer sur tout ce qu'il y a dedans ? ça marche même si ce truc est sur CD ?
Tout redevient normal apres redemarrage ?

Merci

Dmitrii : No, i'm not russian, and i don't understand this language
However, my nick has a russian conotation. It's deliberate. Moreover, in french, "kostik" = "caustique" = caustic.

So i'll try the french solution, and the russian one if the french doesn't works.