Hi guys, I need help. My colleague got his workstation infested. After thorough checking of his workstation I have concluded that it was infested by a malware, the initial symptoms are weird and garbled character message on yahoo messenger and weird garbled message appearing on spreadsheets which is very annoying. This malware also disabled a lot of system functions such as registry editor, task bar, tools/folder options, msconfig, services etc.
I have installed a myriad of antispyware/antiadware such as lavasoft's ad aware, spybot search and destroy and microsoft's windows defrender (the workstation has a mcafee enterprise antivirus installed prior to infestation), after thorough scanning the antispywares have found lots of malware in the system and i have removed it through the antispyware. After reboot I noticed that this advanced malware is still in the system and realized that the myriad of anytispyware has no match with this type of infestation.
After further checking I learned that this malware has a central file named "SCVHSOT.EXE" and I made further google searches and found this substantial information:
http://www.prevx.com/filenames...68-X1/SCVHSOT.EXE.html
But before I came across that information I have tried this one extensive solution I got from google:
http://www.daniweb.com/blogs/entry1746.html
The procedure on that site above helped a bit, as in the task manager and registry editor didn't work at all previously, and now they appear for a fraction of a second and disappear so I still cant get into the registry editor and task manager and I cant find the other accessory files of the malware.
I have tried the "Prevx CSI free PC checker" at http://www.prevx.com and I was surprised that this is the only scanner than can see these malware files but I cant use it to clean the system as it needs to be purchased.
I made further search and have found a very informative solution which I will be trying tomorrow and will give you an update, but if you guys have some other tips and advice please do share it as I am still not sure if I will be able to remove this malware using the instruction at this
http://piyushlabs.wordpress.co...glannew-foldersvchost/
Well to share with you guys, one thing I learned from this is that not all popular antispyware or antimalware can detect infestations like this, just like according to this site http://www.prevx.com (if ever they are highly credible) check the graph on the front page.
I have installed a myriad of antispyware/antiadware such as lavasoft's ad aware, spybot search and destroy and microsoft's windows defrender (the workstation has a mcafee enterprise antivirus installed prior to infestation), after thorough scanning the antispywares have found lots of malware in the system and i have removed it through the antispyware. After reboot I noticed that this advanced malware is still in the system and realized that the myriad of anytispyware has no match with this type of infestation.
After further checking I learned that this malware has a central file named "SCVHSOT.EXE" and I made further google searches and found this substantial information:
http://www.prevx.com/filenames...68-X1/SCVHSOT.EXE.html
But before I came across that information I have tried this one extensive solution I got from google:
http://www.daniweb.com/blogs/entry1746.html
The procedure on that site above helped a bit, as in the task manager and registry editor didn't work at all previously, and now they appear for a fraction of a second and disappear so I still cant get into the registry editor and task manager and I cant find the other accessory files of the malware.
I have tried the "Prevx CSI free PC checker" at http://www.prevx.com and I was surprised that this is the only scanner than can see these malware files but I cant use it to clean the system as it needs to be purchased.
I made further search and have found a very informative solution which I will be trying tomorrow and will give you an update, but if you guys have some other tips and advice please do share it as I am still not sure if I will be able to remove this malware using the instruction at this
http://piyushlabs.wordpress.co...glannew-foldersvchost/
Well to share with you guys, one thing I learned from this is that not all popular antispyware or antimalware can detect infestations like this, just like according to this site http://www.prevx.com (if ever they are highly credible) check the graph on the front page.