Msblasted

Printable View

August 13th, 2003, 07:27 PM
Tacklebox

Msblasted

Hi All,
I'm just getting over an msblast attack. I was able to
get rid of it, however when the PC boots up it takes an
unusually long time to load user profiles and I get a pop
up (cmd type) looking to run the svhost exe. I checked
the system32 folder against a machine that hadn't been
infected and the svhost is not in the clean pc. I tried
removing it from the system32 folder and rebooting, but
it still runs during startup.

Any Suggestions?

Thank You

TB
.

Also, the svchost is where it should be
August 13th, 2003, 09:51 PM
geoscomp

Try using the symantec repair tool to clean things up

available here
August 13th, 2003, 10:41 PM
houseisland

The repair utility works quite well. Just make sure you read the instructions and disable system restore before running it.
August 14th, 2003, 07:19 AM
Tacklebox

Thanks- I'll try running that tonight and see what happens.

I tried deleting svhost from the registry and the system32 folder and rebooting, but it appears something is regenerating this file.http://www.striped-bass.com/vbulleti...w/wallbash.gif

I'll let you know how I make out.
August 14th, 2003, 07:26 AM
NooNoo

svchost is a windows file. It will regenerate it.

Did you follow the instructions - to the letter in Geoscomp's link?
August 14th, 2003, 07:41 AM
Tacklebox

Does the svhost have the same characteristics as svchost enabling it to regenerate?

I'll try Geoscomp's suggestion this evening when I get home.

Thanks Noo
August 17th, 2003, 09:59 AM
Tacklebox

Found It

I discovered that svhost file was planted in my all users startup file. I deleted it from there , system32, and cleaned it out of the registry and rebooted with no problems. So, if anybody else has this problem, this is how I corrected it.
August 17th, 2003, 10:27 AM
Matridom

svhost.exe is a planted file, svchost.exe is the windows file. Glad you got it all sorted out.