Virus Problem, help!

Discussion in 'Desktop & Laptop Computers Forum' started by Greg Hook, Nov 14, 2004.

  1. Greg Hook

    Moderator & Reviewer
    Hi

    I have the W32/Nachi-B virus on my PC.

    Fortunately Sophos has found it and tells me it's denied access to it every time my PC starts up, but I really want to delete it.

    Running the scan it tells me the virus is in the svchost.exe and do I want to delete it.

    Now checking over the net and other places, this seems to be a main Windows file. Is it OK to delete?

    Thanks
    Greg
     
  2. rooney

    Active Member
  3. KraGorn

    Active Member
    No, it is NOT safe simply to delete that file. SVCHOST.EXE is a general purpose utility used to run many of XP's background services .. its name is a contraction of SerViCe HOST .. in fact you'd probably not be able to simply delete it due to it being in use; look at the Process list in Task Manager and you'll see several instances of it.

    From reading the link provided by rooney it seems that the virus isn't in that file .. again, since it's in use all the time a virus would have to work very hard to alter it .. so that's not the root of your problems.

    I'm surprised Sophos doesn't provide information on its removal, have you checked their web site?
     
  4. KraGorn

    Active Member
    No, it is NOT safe to delete that file. SVCHOST.EXE is a general purpose utility used to run many of XP's background services .. its name is a contraction of SerViCe HOST .. in fact you'd probably not be able to simply delete it due to it being in use; look at the Process list in Task Manager and you'll see several instances of it.

    I'm surprised Sophos doesn't provide information on its removal, have you checked their web site?

    Have you any idea how you got it? It seems that it uses some long-patched exploits, were you not fully patched?
     
  5. Greg Hook

    Moderator & Reviewer
    Thanks for the replies.

    I have been to the Sophos website and it tells you to download a little program they have made. This scans your computer for the virus, if it finds it, it will prompt you if you want to delete the file. This was what I was referring to above.

    I have had it ages, probably got it the first time I connected to the net to download all the XP updates.

    I will try rooney's link and see what happens.

    Thanks
    Greg
     
  6. KraGorn

    Active Member
    Well, I guess they know what they're doing, I'd love to know how one can delete a file that's in use by currently active processes.

    Is this the page on Sophos you've seen? Have you run that utility they mention that tells you to delete SVCHOST.EXE?
     
  7. Greg Hook

    Moderator & Reviewer
    Yes, that's the one.

    I am sure they do know what they are doing, but still not confident about deleting an important file. Might have to email them and see what they say.
     
  8. KraGorn

    Active Member
    I think that's what I'd do if we got such a message here .. at work we use Sophos.
     
  9. Jayde

    Guest
    Try Trend Micro HOUSECALL free online AV
    I removed lots o worms with it..

    Same for spyware free online vers
     
  10. GagHalfrunt

    Active Member
    I had to deal with a mass outbreak of this a while ago.

    I've got a feeling that although it has the same name as SVCHOST it isn't in the same place so can be removed. But tbh it's just as easy to get the Fix from:

    Symantec removal tool

    And run it and let it do its stuff. Welchia = Nachi btw.
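
Added example (not part of the thread and not any vendor's removal tool): the "same name, different place" check raised in the post above, written as a Python triage function over a process listing. The process list, the default `C:\WINDOWS` root and the function names are assumptions made for this illustration.

```python
import ntpath

TARGET = "svchost.exe"


def expected_dirs(system_root):
    """Directories where the genuine service host is assumed to live."""
    return {
        ntpath.normcase(ntpath.join(system_root, sub))
        for sub in ("System32", "SysWOW64")  # SysWOW64 exists only on 64-bit Windows
    }


def find_misplaced_svchost(processes, system_root=r"C:\WINDOWS"):
    """Return the PIDs of processes named svchost.exe whose image file is
    not in an expected system directory.

    `processes` is an iterable of (pid, image_path) pairs.
    """
    allowed = expected_dirs(system_root)
    flagged = []
    for pid, path in processes:
        # normpath collapses ".." segments and unifies slashes;
        # normcase lowercases, because Windows paths are case-insensitive.
        norm = ntpath.normcase(ntpath.normpath(path))
        folder, name = ntpath.split(norm)
        if name == TARGET and folder not in allowed:
            flagged.append(pid)
    return flagged


# Constructed sample listing (not taken from the thread or from a real machine).
SAMPLE = [
    (812, r"C:\WINDOWS\system32\svchost.exe"),              # expected location
    (1044, "C:/windows/SYSTEM32/SVCHOST.EXE"),              # same file, other spelling
    (1520, r"C:\WINDOWS\system32\example-dir\svchost.exe"),  # subfolder: flagged
    (1888, r"C:\WINDOWS\system32\..\Temp\svchost.exe"),      # resolves to Temp: flagged
    (2001, r"C:\WINDOWS\system32\lsass.exe"),                # different name: ignored
]

if __name__ == "__main__":
    for pid in find_misplaced_svchost(SAMPLE):
        print(f"PID {pid}: svchost.exe running from an unexpected folder")
```

A flagged PID is a lead for the scanner or removal tool to confirm, not proof of infection, and the genuine System32 copy is never a candidate for deletion.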
     
  11. Greg Hook

    Moderator & Reviewer
    Thanks for the replies, I have let Sophos do its magic and it seems to be gone.
     
