
Subject: Google Chrome and SVCHOST virus

David Dixon
United States
Mauldin
South Carolina
Let's say, Chit-Chat, hypothetically of course, that despite my pretensions of being a savvy citizen of the internet since the days of DOS and of being hip and with it, that actually, I still used Internet Explorer like any other regular schlub.

Let's further say that I somehow acquired an SVCHOST virus that neither my anti-virus software (Webroot) nor my trusty standby (Malwarebytes) can seem to get rid of, although they can detect it and tell me they'll try but it's always back. Let's say, additionally, that this was also a Google redirect virus, so my usual method of hunting down answers to computer problems was unavailable and Yahoo was no help (as it hasn't been since about 1998).

How would I fix such a hypothetical problem?

Also, hypothetically of course, if I were still using IE and I switched to Chrome, would I be any better off from a security perspective?

Diis

PS: Just in case you couldn't tell, I'm definitely not still using IE, no way man, I'm waaaaayyy too cool for IE... this is for a friend.

PPS: Not me.

PPPS: Really.
Blorb Plorbst
United States
Bloomington
Indiana
I think we're all bozos on this bus.
http://www.ubuntu.com/download/ubuntu/download
David Dixon
United States
Mauldin
South Carolina
CrankyPants wrote:


Fair enough... but let's say, hypothetically, that for some strange reason I kinda like Windows 7...

(Although I do already have Ubuntu downloaded to run on an older laptop when I get around to it so if I really like it, I may switch...)

Diis
Joe
United States
Atlanta
Georgia
Last resort:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/anti-virus/combofix


Careful using it. It can be like brushing your teeth with a firehose.
Todd Warnken
United States
Harrison
Ohio
I'm not crazy. My mother had me tested.
Happy grandfather!!!
Diis wrote:

How would I fix such a hypothetical problem?


High explosives?
Rich Shipley
United States
Baltimore
Maryland
the liberal unsavory type
I had a rootkit virus just like that earlier this year. Still have no idea where it came from. I had to use TDSSKiller to completely remove it:

http://support.kaspersky.com/faq/?qid=208283363
Scott A. Reed
United States
Lawrence
Kansas
Helpful? http://www.ehow.com/how_5132341_remove-svchostexe-virus.html

Instructions
1 If the operating system of the infected computer is either Windows Me or Windows XP, turn off System Restore while this fix is being implemented. To turn off System Restore within Windows Me, click Start > Settings > Control Panel. Double-click "System." Select "File System" from the Performance tab. Left click the "Troubleshooting" tab and check the "Disable System Restore" box. Click "OK."

To turn off System Restore within Windows XP, log in as Administrator and click "Start." Right click "My Computer" and select "Properties" from the shortcut menu. Check the "Turn off System Restore" option for each drive on the System Restore tab. Left click "Apply" and "Yes" to confirm when prompted. Click "OK."

2 Restart your computer in Safe Mode and log in as Administrator. Press "F8" after the first beep occurs during start up, before the display of the Microsoft Windows logo. Select the first option, to run Windows in Safe Mode from the selection menu.

3 Access the command prompt. Click Start > Run. Type "cmd." Click OK > CD (change directory) from the command prompt, press the space bar.

Type the name of the full directory path of the folder containing your Windows system files. It will be either "C:\Windows\System" or "C:\Windows\System32."

4 From the command prompt, type the following to unprotect the files for removal:

"attrib -h -r -s scvhost.exe" and press "Enter;"

"attrib -h -r -s blastclnnn.exe" and press "Enter;"

"attrib -h -r -s autorun.inf" and press "Enter."

5 Delete the files by typing the following from the command prompt:

"del scvhost.exe" and press "Enter;"

"del blastclnnn.exe" and press "Enter;"

"del autorun.inf" and press "Enter."

6 Type "cd\" to return to the main Windows directory.

Unprotect and delete the Autorun.inf file by typing the following from the Windows directory command prompt:

"attrib -h -r -s autorun.inf" and press "Enter;"

"del autorun.inf" and press "Enter;"

Type "regedit" and press "Enter" to open the Registry Editor.

7 Locate the following entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.

Delete the incorrectly spelled Yahoo! Messenger entry with the value

"c:\windows\system32\scvhost.exe."

8 Locate the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.

Within the key, there is a "shell" entry with the value of "explorer.exe, scvhost.exe". Edit the entry to remove the reference to Scvhost.exe, leaving Explorer.exe as the remaining value in the registry entry.

9 Locate the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

Delete the following subkeys from the left panel:

RpcPatch

RpcTftpd

Exit the command prompt and return to the operating system. Type "Exit," and press "Enter."

10 Reboot the PC.

If Scvhost.exe still resides on the computer, repeat these steps or try using an automatic removal program from McAfee or Symantec (see links in References).
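A read-only check of the locations the quoted steps name, as an added example that is not part of the original post or the eHow article: it reports the files, Run value, Winlogon Shell entry and service keys from steps 3 to 9 without deleting or changing anything. Using `$env:SystemRoot` and `$env:SystemDrive` in place of the hard-coded `C:\Windows` paths is an assumption of this example.

```powershell
# Added example: read-only audit of the locations named in steps 3-9 above.
# Nothing is deleted or modified. Using $env:SystemRoot / $env:SystemDrive
# instead of the hard-coded C:\Windows paths is an assumption of this example.
$findings = @()

# Steps 3-6: the three file names, in both system directories and the drive root.
# -Force is needed because the steps expect hidden/system/read-only attributes.
$dirs  = "$env:SystemRoot\System", "$env:SystemRoot\System32", "$env:SystemDrive\"
$names = 'scvhost.exe', 'blastclnnn.exe', 'autorun.inf'
foreach ($dir in $dirs) {
    foreach ($name in $names) {
        $file = Get-Item -LiteralPath (Join-Path $dir $name) -Force -ErrorAction SilentlyContinue
        if ($file) { $findings += "File present: $($file.FullName) [$($file.Attributes)]" }
    }
}

# Step 7: any per-user Run value whose data points at scvhost.exe.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($prop in $run.PSObject.Properties) {
        if ("$($prop.Value)" -match 'scvhost\.exe') {
            $findings += "Run value '$($prop.Name)' = $($prop.Value)"
        }
    }
}

# Step 8: Winlogon Shell should list explorer.exe only; report anything appended to it.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
$extra = @("$shell" -split ',' | ForEach-Object { $_.Trim() } |
           Where-Object { $_ -and $_ -ne 'explorer.exe' })
if ($extra.Count -gt 0) { $findings += "Winlogon Shell has extra entries: $($extra -join ', ')" }

# Step 9: the two service subkeys the steps say to delete.
foreach ($svc in 'RpcPatch', 'RpcTftpd') {
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc") {
        $findings += "Service key present: $svc"
    }
}

if ($findings.Count -eq 0) { 'No indicators from the listed steps were found.' }
else { $findings }
```

Run it from a 64-bit PowerShell session on 64-bit Windows, because a 32-bit process asking for System32 is redirected to SysWOW64. An empty result only means these specific names are absent; a rootkit like the one described elsewhere in this thread can hide files and keys from a check made on the running system.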
David Dixon
United States
Mauldin
South Carolina
rshipley wrote:
I had a rootkit virus just like that earlier this year. Still have no idea where it came from. I had to use TDSSKiller to completely remove it:

http://support.kaspersky.com/faq/?qid=208283363


Thanks much--I'd tried the manual approach earlier (and I've used registry edits before to get rid of things), but I still couldn't get it to work.

This did.

Diis
Rich Shipley
United States
Baltimore
Maryland
the liberal unsavory type
Diis wrote:
rshipley wrote:
I had a rootkit virus just like that earlier this year. Still have no idea where it came from. I had to use TDSSKiller to completely remove it:

http://support.kaspersky.com/faq/?qid=208283363


Thanks much--I'd tried the manual approach earlier (and I've used registry edits before to get rid of things), but I still couldn't get it to work.

This did.

Diis


Cool! Glad my miserable experience was useful.