Originally Published 2005-09-11 06:48:32
Simple Removal of this one! (yay)
MS Antispyware catches it, but the crappy Spyware engine is smart enough to keep renaming itself. My guess is that it links itself somehow to you svchost processes or one of the network related services. At any rate, here's the fix:
- Install MS Antispyware and make sure the definitions are up to date (if you did this and left all the default settings as-is, you're fine.
- Launch in safe mode, without networking.
- Check the task manager and disable anything that you don't recognize. If this doesn't make sense to you, make a list and google each of the processes. If the first link or two in your search results indicates that it's spyware or adware, use "end process" to kill the task. If there are NO search results, kill it, because this insidious little software package generates a random string for itself -- something that even mighty google might not have cataloged in some form. For this particular trojan, it should already be disabled by the safe mode boot, so if you're feeling lucky, just skip this step.
- Run MS Antispyware set for full scan. That means you need to check off all the boxes in your scan options.
- Wait a half hour and reboot normally when finished.
- Send me an email or comment telling me that this helped.
Happy spyware zapping!
On 2005-12-16 05:45:34 Mark said:
I have tried this over and over and still I have it everytime I restart or turn on computer any other ideas for a fix. Not even Norton is catching thisone
On 2009-08-17 02:30:14 Svchost.exe troubleshooting said:
You can check whether svchost.exe is exploited with a Powershell script, which can help in some cases: http://www.gfi.com/blog/exploring-svchostexe-part-3/