
Katrox's Blog | Computer Articles | Knowledge Articles

Monday, May 26, 2008

SSVICHOSST virus

Virus File Name:
ssvichosst.exe (having a folder icon)
(a file inside a folder having the same name as the folder, having folder icon)
Symptoms:
You are unable to open TaskManager, Regedit, CMD, Msconfig, etc.
Some windows, such as TaskManager and Regedit, open for a fraction of a second and then suddenly close.
No command works in the ‘command’ window, except ‘exit’.
The Tools>FolderOptions is gone in the Windows Explorer.
You cannot see your hidden files.
Your system has become too slow, as the virus process takes up almost half of the resources.
Behind the screen:
The virus copies its file “SSVICHOSST.EXE” to C:\Windows\ and to C:\Windows\System32\.
It runs its process SSVICHOSST.EXE as a background process under User.
Processes with other file names may also be running with the WindowTitle ‘AutoIt v3’.
It adds a startup program in HKCU\Software\Microsoft\Windows\CurrentVersion\Run as ‘Yahoo Messengger***’
Adds a value in registry, HKLM\System\ControlSet001\Services\Schedule ‘AtTaskMaxHours’=0.
Complete detail
SOLUTION:
Follow this long procedure . . .
End Task*
———-
1. On desktop> right-click> new> shortcut
2. Enter
taskkill.exe /F /FI "IMAGENAME eq ssvichosst.exe"
3. Next> finish
4. Double click the shortcut file just created
*In some cases, if the “taskkill.exe” file is not available in the windows\system32 directory (esp. on laptops), try to get it from someone else’s computer.
Enable Task Manager
——————-

1. Start> run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
2. Start> run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
Enable CMD
———-

1. Start> run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCmd /t REG_DWORD /d 0 /f
2. Start> run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCmd /t REG_DWORD /d 0 /f
Enable Regedit
————–

1. Start> run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
2. Start> run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Folder Option & Hidden Files
—————————-

1. Start> run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
2. Start> run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
3. Start> run
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 1 /f
4. Start>run
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v DefaultValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f
Delete Virus Files**
——————–

1. Start> run> CMD
del %windir%\ssvichosst.exe /a /f /q
del %windir%\system32\ssvichosst.exe /a /f /q
**Do not double click these files, otherwise you have to start from the beginning.
Delete Startup Launch of Virus***
———————————–

1. Start> run
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messengger"
Fix for “Windows cannot find ssvichosst”
—————————————–
1. START> RUN > type CMD > now paste the following
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe
This procedure removes the error that appears whenever you restart Windows,
something like “could not find SSVICHOSST” or “error loading SSVICHOSST” or “windows cannot find ssvichost”.
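
To confirm the cleanup took effect, the following read-only PowerShell audit checks each artifact listed above (files, process, Run entry, policy values, Winlogon shell, Schedule value). It is an added example, not part of the original post; the helper name Get-RegValue and the output wording are assumptions, and it changes nothing on the system.

```powershell
# Added example: read-only audit of the artifacts listed on this page. Modifies nothing.
$findings = @()

function Get-RegValue($Path, $Name) {   # hypothetical helper: value data, or $null if absent
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# 1. Dropped copies and running process
foreach ($file in "$env:windir\ssvichosst.exe", "$env:windir\system32\ssvichosst.exe") {
    if (Test-Path -LiteralPath $file) { $findings += "File present: $file" }
}
if (Get-Process -Name 'ssvichosst' -ErrorAction SilentlyContinue) {
    $findings += 'Process running: ssvichosst.exe'
}

# 2. Run-key autostart: match on the data as well as the value name, so an entry
#    that points at the file is caught even if its name is spelled differently
$names = 'Yahoo Messengger', 'Yahoo Massangger'
$key = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($names -contains $name -or $data -match 'ssvichosst') {
            $findings += "Run entry: '$name' = $data"
        }
    }
}

# 3. Policy values that the procedure resets to 0 (absent or 0 counts as clean)
$policies = @{
    'Software\Microsoft\Windows\CurrentVersion\Policies\System'   = 'DisableTaskMgr', 'DisableCmd', 'DisableRegistryTools'
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = 'NoFolderOptions'
}
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in $policies.Keys) {
        foreach ($name in $policies[$sub]) {
            $v = Get-RegValue "$hive\$sub" $name
            if ($null -ne $v -and $v -ne 0) { $findings += "$hive\$sub\$name = $v" }
        }
    }
}

# 4. Winlogon shell and the Schedule value from "Behind the screen"
$shell = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($shell -ne 'Explorer.exe') { $findings += "Winlogon Shell = '$shell'" }
$hours = Get-RegValue 'HKLM:\SYSTEM\ControlSet001\Services\Schedule' 'AtTaskMaxHours'
if ($hours -eq 0) { $findings += 'Schedule AtTaskMaxHours = 0' }

if ($findings) { $findings } else { 'No listed artifacts found.' }
```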
