Sign in to follow this  
Followers 0
slayerz

Can anybody help me...

17 posts in this topic

I'm autoit newbiez.. so can you help me on how to enable back my registry editor?

Last morning, my PC was attacked by something like a virus named SVICCHOST.exe and its using AutoitV3 to change some value in my registry that disable the task manager & also the registry editor!!

Huhuu Can you teach me how to make a script to enable back my registry editor, so that I can enable back my task manager?

For ur infrmation, I'm using Windows XP SP2

Also, could u tell me how to delete that virus from my PC? It seems to run every time I turn on my PC

Thanks!


AUTOIT[sup] I'm lovin' it![/sup]

Share this post


Link to post
Share on other sites



What happens when you boot to the safe mode?


[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites

What happens when you boot to the safe mode?

it's still the same... I can't open my task mgr & run regedit


AUTOIT[sup] I'm lovin' it![/sup]

Share this post


Link to post
Share on other sites

it's still the same... I can't open my task mgr & run regedit

How did you determine that it was using AutoIt - I mean - is there a website that has already analyzed this problem?

[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites

How did you determine that it was using AutoIt - I mean - is there a website that has already analyzed this problem?

I'm using SIW (system information windows by Gabriel Topala) since I can't open my task manager to check the running process.

It can analyze from where & what type of process that is running.

That virus run from C:WINDOWS\System32 and the type is : AutoitV3


AUTOIT[sup] I'm lovin' it![/sup]

Share this post


Link to post
Share on other sites

I would suggest procexp.exe over task manager anyway.


[center]Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.[/center]

Share this post


Link to post
Share on other sites

I would suggest procexp.exe over task manager anyway.

Thanks for ur suggestion.

Anyway, does anyone know how to get rid of this virus from my pc?


AUTOIT[sup] I'm lovin' it![/sup]

Share this post


Link to post
Share on other sites

Thanks for ur suggestion.

Anyway, does anyone know how to get rid of this virus from my pc?

What AV tool are you running? Check their website.

[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites

What AV tool are you running? Check their website.

I'm using AVG.ok, i'll check it out..

If you guys have solution,let me know okay?

c ya guys,thanks a lot for ur fast reply


AUTOIT[sup] I'm lovin' it![/sup]

Share this post


Link to post
Share on other sites

I beleive I had this virus problem last week on my laptop... SVCHOST.exe is its name... (copied off the official windows service host)... look in ur start menu under start up is there a svchost.exe in there? ... if so u probally cant delete it... if its there ill give u the rest of the instructions... btw AVG Free is stopping there service.. I would recommend Avast! Free


[sup]Psibernetic[/sup]My Creations:X-HideSecuracy

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

... btw AVG Free is stopping there service.. I would recommend Avast! Free

I would run them both for a while and then dump AVG.

From http://free.grisoft.com/doc/1

GRISOFT is announcing a new version of the AVG Anti-Virus Free Edition. This new 7.5 version with improved performance and full compatibility with the latest Windows Vista version is available. Users that are using AVG Free 7.1 will be provided with a specific dialog, within the next few weeks, with the opportunity to choose the right option fulfilling their needs. AVG Free 7.1 version will be discontinued on 18th of Feb 2007.

AVG just did a bad job of communicating the fact that 7.1 was ending and users were welcome to buy a version of AVG and btw there will be a new free version also. Edited by herewasplato

[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites

Magnificent thnx for that lil bit of info...as far as this guys virus goes, The instructions for deleting are: boot into safe mode, open command prompt, Change Directory to "C:\Documents and Settings\All Users\Start Menu\Programs\Startup", type in command prompt: del svc*, reboot into normal windows and enjoy your task manager


[sup]Psibernetic[/sup]My Creations:X-HideSecuracy

Share this post


Link to post
Share on other sites

For problems with task manager (if of course some application isn't running and checking/changing values all the time) you can use:

http://support.microsoft.com/kb/555480

create something like myfile.reg and put there something like this. Make sure to read first the link i gave you. That's what microsoft suggests.

Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

My little company: Evotec (PL version: Evotec)

Share this post


Link to post
Share on other sites

thanks guy.. my task manager can be functional again


AUTOIT[sup] I'm lovin' it![/sup]

Share this post


Link to post
Share on other sites

omg svchost.exe is a virus? XD I thought it was a system process. I have like 10 of them running right now.. and If I try to exit it my comp just crashes wit hthe blue screen of death XD


[center]"When you look at old, classic games like Snake, you often put it off because it's such a simple game, but it's only when you actually try and create your own unique game from scratch, do you finally appreciate those games."[/center][center]Don't ask for answers if you haven't TRIED yet![/center][center]Most answers can be answered in the help file! Use it![/center]

Share this post


Link to post
Share on other sites

#16 ·  Posted (edited)

omg svchost.exe is a virus? XD I thought it was a system process. I have like 10 of them running right now.. and If I try to exit it my comp just crashes wit hthe blue screen of death XD

svchost is not a virus, but there are a number of viruses which call themselves by that name, or that show up as svchost in the taskmanager.

Edited by improbability_paradox

Share this post


Link to post
Share on other sites

omg svchost.exe is a virus? XD I thought it was a system process. I have like 10 of them running right now.. and If I try to exit it my comp just crashes wit hthe blue screen of death XD

You can't be serious... :)

[center]Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.[/center]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0