Picture 23 svhost worm from AIM

Discussion in 'Malware Help (A Specialist Will Reply)' started by beaner, Mar 24, 2006.

  1. beaner

    beaner Private E-2

    I recently noticed a strange IM from my sister, which contained a pif link for a picture. I DID NOT open it, but my boyfriend did something to put it on my desktop to see its complete address. He then deleted it and it was sent to my recycle bin. I was going through that same bin this morning to find a picture that I had accidentally deleted, and I accidentally pressed on the file. It opened, and was sent to my C: WINDOWS drive. I knew it was a virus, so I ran Symantec AV, and Remove it Pro EX, but they found nothing. I then went into my C drive and deleted the "picture23..." file from my PREFETCH and WINDOWS folders, but svhost turned up in my Task Manager as running 3 separate programs at the same time. Basically, the worm is in my registry and is running through my svhost program. I go to Penn State, and the IT person told me I'd have to reformat my computer, which I will probably mess up. Is there anything or anyone out there who can help me? :confused:
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Are you sure it was svhost.exe you saw and not svchost.exe?

    svchost.exe is a Windows process and multiple (3 to 6) instances will be running most of the time.

    If you are sure you have malware issues, the best way for us to help you is given below. (Note: we rarely have to format but it does happen)

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
    .
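The svhost.exe versus svchost.exe question raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it triages process image paths, treating only `svchost.exe` running from the Windows system directory as genuine. The `C:\Windows` install location, the edit-distance threshold of 2 and the sample paths are assumptions constructed for illustration.

```python
import ntpath

LEGIT_NAME = "svchost.exe"
# Assumption: Windows is installed in C:\Windows. The genuine svchost.exe
# lives in System32 (and SysWOW64 on 64-bit systems).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return 'ok', 'wrong-path', 'lookalike-name' or 'unrelated'."""
    path = ntpath.normpath(image_path).lower()
    folder, name = ntpath.split(path)
    if name == LEGIT_NAME:
        # Right name: only trustworthy when it runs from the system directory.
        return "ok" if folder in LEGIT_DIRS else "wrong-path"
    if edit_distance(name, LEGIT_NAME) <= 2:
        # Near-miss spelling such as the missing 'c' in svhost.exe.
        return "lookalike-name"
    return "unrelated"

def triage(paths):
    """Keep only the entries that deserve a closer look."""
    results = ((p, classify(p)) for p in paths)
    return [(p, verdict) for p, verdict in results
            if verdict not in ("ok", "unrelated")]

# Constructed sample of process image paths (not taken from the thread).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svhost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE):
        print(f"{verdict:15} {path}")
```

Several `ok` entries are expected on a healthy system, since multiple svchost.exe instances run at once; only the flagged entries need follow-up with the scans listed above.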
     
