Dec

Removing the SSCVIHOST.exe worm virus

Posted by: Ryman in Think Talk

I’m going to make this as short and as clear on the instructions as possible. Take note however that I’m not an expert on viruses so I advice you to consult an expert first or, if you are willing, just go a head and follow my instructions. I was once a programmer, but I didn’t pursue that field, and I moved on to web development. Anyway I have encountered many viruses in my daily use of computers, and as much as I know programing and how code works, I can usually remove it without using any anti-virus software. However, be warned that the following procedure will require you to edit your Registry and thus no mistakes must be made there. Or else you may end up with a messed OS.

Introduction

SSCVIHOST.exe according to my research has many names, the popular are W32/Sohana-AO (Sophos) and W32.Imaut.AY (Symantec/Norton). Basically this is a type of worm virus that spreads via USB thumb drives and/or Yahoo! Messenger. A worm virus, technically, doesn’t destroy your files, it just add tons of of useless files in order to fill up your hard drive or slowdown your system resources. We don’t like that do we?

Anti-virus softwares

Most major anti-virus products with the latest definition files installed, detects this virus so you don’t have to worry about it spreading through your hard drive. Sophos, Symantec Norton, TrendMicro PcCillin, already detects this. I’m not sure about McAffe, AVG, or ESET NOD 32. But I will tell you this, BitDefender, even with the latest update installed doesn’t detect this. So you have that anti-virus program, chances are, SSCVIHOST.exe will eventually reach your computer.

Symptoms

CLTR+ALT+DEL is not working
Folder Options is missing from your TOOLS menu
Registry Editor (RegEdit) is not working
Your system is slowing down gradually
There seems to be a lot of hard drive activity even if you are doing nothing
You have a New Folder.exe in every folder and in each sub folder

Preparation

This is the actual procedure I did when the worm infiltrated my PC. Before you start on the procedure, you have to download this file from Symantec.

UnHookExec.inf (click to go to the website and the download link).

The file will enable RegEdit and other commands disabled by the virus. Save this file in your desktop. Now let’s start.

Removing the virus

FIRST: You have to stop the virus from running in the first place. If your system is already infected, it is already running in the background. You must restart your computer then run it in safe mode.

Restart your PC
Press F8 as soon after the BIOS boots. If you don’t know what that is, just keep pressing F8 until a menu appears.
Select Safe Mode from the menu
On your desktop, right click on the file UnHookExec.inf then select install. You won’t see any prompt or confirmation so don’t worry about it.
By now, CTRL+ALT+DEL is already working so open up your Task Manager. End task the following programs/processes:
- SSCVIHOST.exe
- blastclnnn.exe
- New Folder.exe

SECOND: Delete the virus files from your PC. There are two ways to do this, via windows shell or command prompt (DOS) shell. Since Folder Options has been disabled by the virus, you cannot switch to show hidden files and system files. Well you can edit it in your Registry, but let’s just do it the DOS-way. Follow this carefully.

Select Run from your start menu, then type cmd. Press enter. The paths differ depending on your operating system, but in this procedure let’s assume you are using Windows XP
At the command prompt go to your system32 folder (this may differ if you are using NT/2000 or XP). For the sake of this procedure lets assume you are using XP. Type cd\windows\system32
On this path (c:\windows\system32>) type the following commands in order:
- attrib -h -r -s SSCVIHOST.exe
- del SSCVIHOST.exe
- attrib -h -r -s blastclnnn.exe
- del blastclnnn.exe
- attrib -h -r -s autorun.ini
- del autorun.ini
- cd\windows\ (this will move you to the windows prompt c:\windows)
- attrib -h -r -s SSCVIHOST.exe
- del SSCVIHOST.exe

THIRD Clean up the registry. Your RegEdit is already running because of the file we’ve downloaded from Symantec. On your run box (from the Start menu) type regedit. WARNING: Be careful on what you edit here, because a single mistake may screw up your system. Just follow the paths that are mentioned here so you won’t get lost. Make sure you edit only what mentioned in this procedure.

Navigate to the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
“Shell” = “Explorer.exe SSCVIHOST.exe”
(edit and remove the word SSCVIHOST.exe leaving only Explorer.exe, if you screw this up windows shell won’t show on your next boot)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
“Yahoo Messengger” = “%System%\SSCVIHOST.exe”
(delete this entry)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\
“shared” = “[SHARE NAME]\New Folder.exe”
(delete this entry)

Restore the following registry entries to their original values, if required:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“DisableTaskMgr” = “1″
(set to zero (0) to enable)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“DisableRegistryTools = “1″
(set to zero (0) to enable)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“NofolderOptions” = “1″
(set to zero (0) to enable)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\”AtTaskMaxHour”
(Remove an entry here that has a name with blastclnnn.exe, or just remove all entries here)

FOURTH Clean again after cleaning. Restart your PC, again in Safe Mode (remember to press F8). This time we will remove all other files that have been created by the virus. Folder options in your Tools menu is already working so open that up. Then select “Show Hidden files and folders” and uncheck “Hide protected operating system files.” Then search your whole hard disk (using windows search from the start menu) and SHIFT+DEL all these files. Also cleanup your recycle bin after this.

SSCVIHOST.exe
blastclnnn.exe
New Folder.exe (these are the garbage files created by the worm it will create thousands upon thousands of these in your hard drive)

FIFTH Check your autoruns. On your run box at the start menu, type msconfig. Look at the startup tab for any suspicious files that are related to the virus and disable (you can also remove it in the registry) it.

That’s it. Reboot your system normally and check your Task Manager (CLTR+ALT+DEL) if there are running processes that aren’t supposed to be running.

For more information and/or reference to the virus check out these sites:
Trendmicro
Sophos
Symantec/Norton

UPDATE 2008.01.23: For an easier removal of the SSCVIHOST.exe (Sohana D) worm virus, you can get a tool to remove it at sergiwa.com
Download SRT - Sohanad Removal Tool to remove the virus and its accompanying files
Download RRT - Remove Restrictions Tool to enable RegEdit, Folder Options, Task Manager, etc.

Bookmark this:

Remove the jwgkvsq.vmx worm-virus

Tags: SohanaD, SSCVIHOST.exe, virus

This entry was posted on Saturday, December 1st, 2007 at 2:43 pm and is filed under Think Talk. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

156 comments so far

charlez

Hi..
my name is charlez from Indonesia..
i really thanks to this site. i was have problem with that .exe
but now its gone..after i use your advice step by step
thank you very much to everybody here.
chao…

December 7th, 2007 at 8:23 pm

Ryman

@Charlez

Thanks for visiting the site. I’m glad I could be of help.

December 8th, 2007 at 3:34 pm

newbie_14

I wonder how intelligent or able people like you try to help people like us who doesnt have any further knowledge about this kind of problem. Thanks for the post it will help a lot.. godbless

December 21st, 2007 at 10:16 pm

sivasankaran

Ryman Thank you very much.
I experienced the above problem and now
i rectified it.
really your explanation too good and extreamely clear.
once again thank you very much for your extraordinary
information.
May god bless you.

with thanks,
Siva sankaran from India

December 23rd, 2007 at 1:12 pm

Ryman

@newbie_14

Thanks for the visit.

@Siva sankaran

Thanks for the comment. Originally, I was planning to do a thorough guide for this topic. Unfortunately, I have little time to make it so I just made this simpler guide.

December 23rd, 2007 at 8:59 pm

anasansari

i want free antivirous and spyremover download in my computer

December 24th, 2007 at 9:12 pm

Ryman

@anasansari

If you want a true free antivirus, you can get one at http://free.grisoft.com they have the AVG anti-virus software and AVG anti-spyware software.

And for free anti-spyware programs. Try using these products:
Lavasoft Ad-Aware
Spybot - Search and Destroy

You can search for their websites in your search engines.

December 25th, 2007 at 12:43 am

Rhamil

I’m Rhamil from PHILIPPINES…
Thanks for this guide….
It has been a big problem for me because every time
I connect a storage device into my computer..
It will take up almost 15 mb…..
In storage devices??
How can I remove SSCVIHOST.exe there??

December 25th, 2007 at 4:01 am

MARK ARVYN BAUTISTA

Thanks for the guide. Im also from the phil. long live..xD

December 25th, 2007 at 10:10 am

Ryman

@Rhamil

Hello Rhamil, the guide above contains instructions on removing the SSCVIHOST.exe on your hard drive.

To remove the one in your USB/portable/flash storage device, just follow STEP 4 (you don’t need to boot in safe mode).

From your Tools, Folder options menu, select “Show Hidden files and folders” and uncheck “Hide protected operating system files.”

Then delete these files in your removable drive.
SSCVIHOST.exe
blastclnnn.exe
New Folder.exe
autorun.inf (Be careful in deleting this, there are some portable storage device that actually use this. To check, open the file in notepad, if it has words like SSCVIHOST or blastclnnn then delete it).

Unfortunately when you plug your USB drive in another computer that is affected by the virus, it will again get contaminated. See my post here

USB flash drive or Portable card reader?

Also to stop AUTORUN (and autorunning the virus) when you plug your infected device in another computer, press and hold the SHIFT key. Autorun in windows is dangerous because this is when the virus spreads.

@MARK ARVYN BAUTISTA

Thanks for visitng kababayan.

December 25th, 2007 at 12:25 pm

Upie

Hello Ray
Thank’s for give us that important information about removing a SSCVHOST.exe virus.

I had follow all your instruction as shown at this site.

But I have a problem, and until this second that virus cannot remove out of my computer,

Here the problems :
1. In save mode, After i install the UnHookExec.inf, then I type : CTRL + ALT + DEL .. still with the same reason ” only bla bla bla by administrator. what’s wrong with that.

2. I can’t run “cmd” ,,, but it run with “command”.

3. also that I cannot run “regedit”

ok back to a real windows / normally.

long time a go, i always show all hidden system on my PC. so that I can see/find a hidden system.

Well, Successful to delete “blastclnnn.exe” and “new folder.exe” but not the damn “SSCVHOST.exe” even I had put out -hiden, -read, -system.

What wrong with that…

and in normally windows, i cannot run the registry..

thank’s before..

I will mark your site for nexe information from you.

December 26th, 2007 at 12:04 am

Ryman

@Upie

1. UnHookExec.inf (that was created by Symantec) should work it’s way through your registry, thus enabling CTRL+ALT+DEL and regedit. In safe mode, you must be running as administrator, then right click and install UnHookExec.inf file.

2. “Command” is the same as “cmd”, you must be using a different version of Windows. The guide above, assumes that you are using Windows XP.

3. Same as my answer to #1.

You can’t delete “SSCVHOST.exe” yet because it might still be running in the background. Like I’ve said, your CTRL+ALT+DEL (Task Manager) should be working.

Feel free to comment again if you have any problems. Good luck.

December 27th, 2007 at 6:47 pm

Deo

Hello ,

Yes , Ive been following the guide but the virus keeps coming back , is it due to the network? I have 3 PCs , should I shutdown all and make the virus removal 1 by 1? Im really sorry I just want to erase these new folders.exe , but I dont have that SSCVHOST.exe thingy , I have scvhost.exe. Is it the same?

Im really sorry , Im 13. :3

January 11th, 2008 at 6:48 pm

Ryman

@Deo

If your 3 PC is in a network, then check every PC with the virus. It will spread through the network, and any USB flash drive you insert in a computer that is already infected. I suggest using an anti-virus software to prevent it from coming back.

Shutdown first the other two, then check each PC one by one. You have to remove the virus file, specially the autorun.inf file that is related to the virus.

Don’t remove the SVCHOST.exe (check spelling) because it is being used by your computer. It’s not the same as the SSCVIHOST.exe virus.

January 12th, 2008 at 7:22 am

Deo

@Ryman

Thanks man , Im using Ad aware ^^ , yeah that virus really created 3000+ folders. Thanks for helping , your guide was kick ass xD.

January 13th, 2008 at 8:04 am

diginode

Many many thanks for removal process. It is realy helpful.

January 13th, 2008 at 3:50 pm

GREG

Hi.. I really thank you for your advice..It really helps..I tried every steps to remove the SSCVIHOST.exe but It does not works except the one that you recommend…

January 13th, 2008 at 4:36 pm

Ryman

@Deo
Also remember to update your anti-spyware software regularly for it to be able to detect new spywares.

@diginode & GREG
Thanks too. I’m glad my simple guide solved your SSCVIHOST.exe virus problems.

January 13th, 2008 at 6:38 pm

Mannuella

hey, thx for this site….but i still have a bit problem….i downloaded the file that u required, i have install that on my desktop, but when i try to click CTRL+ALT+DEL, the Task Manager was still not working….it’s confusing me…. and also, there’s no New Folder.exe or SSCVIHOST.exe on my drive ….. the virus only attacked system32 and it’s only in my flashdisk. so what should i do???? thx before….may God bless

January 15th, 2008 at 4:54 pm

Ryman

@Mannuella

You have to right click the file then select Install, double clicking it won’t work. The file should work (and it’s made by Symantec).

If it is only in your flashdisk, insert it in your USB drive while holding the SHIFT key to prevent it from autorunning. When the drive shows up in My Computer, delete the files related to the virus. Just follow the FOURTH step I mentioned above.

Please post back here again if you are still having problems. Anyway I’m planning to make a registry file to enable the task manager and regedit, if the file from Symantec still doesn’t work.

January 15th, 2008 at 7:15 pm

Manuella

yes, i have right click on that file, but it still didn’t working…. SSCVIHOST.exe and New Folder.exe are on my flashdisk and also in my drive C:\WINDOWS\system32, but SSCVIHOST.exe and New Folder.exe are not in my drive D, E, F and G… it’s weird… I think, you should make a registry file to enable the task manager and regedit…..thx before.. May God bless

January 18th, 2008 at 12:39 pm

KingPin

@ Ryman

Hi, can you please give me information about something that infected my PC. I think its a kind of virus or other maliciuos programs. I got it when i inserted a flashdisk, an autorun pops up, then a “Microsoft Word Document” appeared in my desktop. When I’d “right-clicked” the file, the 1st 3 options are:
Test
Configure
Install

I decided to delete it since I don’t know what it is, but it just keep appearing on my desktop.

Thanks to the guide about SSCVIHOST.exe virus, i learned alot about the registry. I had that virus too last week, and i got rid of it because of you guide.

Jason From Philippines

January 18th, 2008 at 10:34 pm

Rommel

You mentioned that the scripts you suggested were for the Windows XP platform. How can I use it for Win98SE? or is there another guide for removing this worm on Win98SE? I have the free edition of AVG but it hasn’t been successful in detecting this.

Thanks! Your doing an awesome job for the PC community. God bless!

Rommel from QC, Philippines

January 18th, 2008 at 11:36 pm

Ryman

@Manuella
I suggest you create a backup of your whole registry in case something goes wrong. There are a lot of free Registry backup softwares available on the Internet.

Anyway here is the registry file I created to enable your Registry Editor and Task Manager. Just right click, then choose save as. Enable-Reg-Task.reg After downloading the file, double click it, then select Yes to modify the registry.

I created this by exporting the registry entry from my system. I’m using Win XP SP2, if you are using a different OS, I’m not sure if this will work. If it does work, then just follow the steps above to remove the virus.

@KingPin/Jason
If it keeps appearing after you’ve already deleted it then the virus is already in your system. I cannot identify what type of virus you have because I don’t know what programs are running in your PC. Anyway if you could list all the running programs in your Task Manager (ctrl+alt+del), we could probably identify the culprit.

I also suggest to get a decent anti-virus software to remove it. See my post here… What’s the better anti-virus software?

@Rommel
I’m sorry to say that my guide is for Windows XP. I created it because my system got infected and created this steps on how I removed it.

In Win98 this is the system folder the virus resides
C:\Windows\System\

About the registry, I’m not sure if it is located in a different path. But you can search for the file names I mentioned inside the registry. Just run your registry editor, then click Edit, then Find. Type the file names of the virus then if found just delete the entry. Press F3 to continue searching.

Also I suggest changing your anti-virus software. See my post here… What’s the better anti-virus software?

January 19th, 2008 at 10:20 am

KingPin

@ Ryman

After reading some threads and topics from different forums regarding viruses and other viral problems, i think i know what virus infected my PC. The “lsass.exe virus”, and that’s what keeping the “MsWord file” in my desktop, and my RUN command in the start menu is missing. Also, the “New Task” in application tab of Task Manager seems to be disabled. I tried to delete some named items from the forums that they tell us to remove using the registry editor, but still it keeps showing up. I’m wondering if you can still help me remove it without using any anti-virus program. Here’s the running processes on my TaskManager:

•ctfmon.exe ADMIN 3,692k
•taskmgr.exe ADMIN 2,656k
•alg.exe LOCAL SERVICE 3616k
•iexplorer.exe ADMIN 3,616k
•rundll32.exe ADMIN 3,584k
•jusched.exe ADMIN 2,440k
•Apache.exe SYSTEM 5,792k
•nSvcIp.exe SYSTEM 6,528k
•spoolsv.exe SYSTEM 6,924k
•explorer.exe ADMIN 10,304k
•svchost.exe SYSTEM 5,276k
•nvsvc32.exe SYSTEM 3,816k
•nSvcLog.exe SYSTEM 4,296k
•svchost.exe LOCAL SERVICE 4,544k
•svchost.exe NETWORK SERVICE 3,384k
•svchost.exe SYSTEM 25,188k
•svchost.exe NETWORK SERVICE 5,184k
•Apache.exe SYSTEM 6,032k
•svchost.exe SYSTEM 5,052k
•lsass.exe SYSTEM 936k-960k
•services.exe SYSTEM 5,936k
•winlogon.exe SYSTEM 9,124k
•csrss.exe SYSTEM 1,940k
•avgemc.exe SYSTEM 1,880k
smss.exe SYSTEM 400k
svchost.exe LOCAL SERVICE 3,276k
•avgamsvr.exe SYSTEM 476k
•avgupsvc.exe SYSTEM 704k
•BlueSoleil.exe ADMIN 13,796k
•avgcc.exe ADMIN 472k
•lsass.exe ADMIN 29,000k, (adds 4k every seconds)
•System SYSTEM 240k
•Sytem Idle Process SYSTEM 28k

I only have AVG as my av software, but it’s only free version. See if you can help me about this. if not, should i have HiJackThis to post my logs in here?

Thanks and hoping…

Jason

January 19th, 2008 at 4:36 pm

Ryman

@KingPin/Jason

Based on the files running in your task manager, I assume you have Internet Explorer running, along with Apache, AVG anti-virus, your Bluetooth driver, and all the others are windows components, including the lsass.exe.

According to Symantec the name of the virus is W32.Sasser. It is a worm virus that corrupts lsass.exe

However, lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. This program is important for the stable and secure running of your computer and should not be terminated. Link.

The lsass.exe file included with Microsoft Windows is not spyware, a trojan, or a virus. However, like any file on your computer it can become corrupted by a virus or trojan. antivirus programs can detect and clean this file if it has become infected. Because this file is part of Microsoft Windows users should never delete or remove this file if they think it is infected, let the antivirus program handle it. Link.

So basically, we can’t just terminate the lsass.exe file. Instead you can try to use the removal tool designed to remove the W32.Sasser worm virus. Download tool here and instructions for removal. Try the removal tool first if it works.

Good luck

January 20th, 2008 at 12:28 pm

KingPin

@Ryman

So that’s why “lsass.exe” is a critical process to stop. Thanks man!

By the way, I forgot to tell you that there is another process in the TaskManager that I’ve already stopped before I posted them here. I read from some forum that “lsass.exe.exe” should not exist in the processes. At first, I didn’t noticed that there are two “.exe” extensions, so I stopped it right away. I’ll try if this removal tool is gonna work.
Seems like, Symantec has all solutions regarding worms which keeps me thinking if I should have AV software from Symantec.

Anyway, I really appreciate your help and advices. You’re a HERO!!!
More power…

January 20th, 2008 at 4:22 pm

Ryman

@KingPin/Jason

Good luck in removing the virus, I hope it does work. Anyway, I’m a former user of Symantec Norton Anti-virus for many years. And I didn’t have any problems about the product except for one thing, it uses up too many system resources (memory). You can read my story about it here. It is a highly recommended product among the AV softwares.

January 20th, 2008 at 7:22 pm

KingPin

@Ryman

Sad to say, but the tool (FxSasser) didn’t detect anything.
I’m really confused now, i followed all the instructions as written, but nothing came up.
I guess I’m up to my last resort: Reformat.
When I’m done, I’ll be researching more about other viral problems and how to prevent it. After all, reformatting was my first choice before i read your guides. I’ll be studying harder, and have a discussion area/forum like this so I can also help others just like what you are doing.

January 20th, 2008 at 9:39 pm

Rommel

i have successfully removed SSCVIHOST.exe, blastclnnn.exe, New Folder.exe and the cloned folders thru the manual removal. It was a nerve wrecking procedure since you’ve warned that any wrong script might mess up the entire OS if I did it wrong. Oh well now I can rest easy.

thanks so much!

however I’m not seeing any Folder Options under the Tools Menu of Internet Explorer, but this function is in Windows Explorer’s View menu. Or is this because of Win98SE’s architecture?

January 22nd, 2008 at 12:41 am

Ryman

@KingPin/Jason

Maybe it’s another type of virus, but with the same name.

@Rommel

Congrats The Folder options is in the Windows Explorer menu. So it’s just right.

January 22nd, 2008 at 1:30 am

Cricket

Pare,

Thanks for the info! It’s very helpful and very thorough. I would like to acknowledge your adept skill in writing. It really helped a lot.

Thanks.

January 22nd, 2008 at 8:46 pm

Ryman

@Cricket

Thanks also for visiting my site

January 23rd, 2008 at 12:19 pm

jake ilustre

One laptop of out agencies Directors got infected by the worm virus sscvihost.exe….

Your article “Removing SSCVIHOST.exe worm virus did helped me a lot….

Indeed her laptop slowed down a lot….because of the many processes the above mentioned worm virus has created….

Again thank you very much….

January 25th, 2008 at 8:59 am

Manuella

hey Ryman, thx… thx…thx….it’s succesful, but a bit problem, when i set my computer to window xp, Tools still had no Folder Options. But i have handled it…… Thx…thx…thx…. for this site…. May God bless you!!!!!!!!!!!!!! Greetings from Indonesia

January 25th, 2008 at 1:42 pm

Ryman

@jake ilustre

thanks also for visiting the site

@Manuella
you can show it again by going to your registry editor (run regedit). then follow this path

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“NofolderOptions” = “1″
(set to zero (0) to enable)

January 25th, 2008 at 9:18 pm

Rahul

Thanks a lot man, your steps above very very helpful, saved me a lot of trouble….. thanks again

January 26th, 2008 at 7:17 am

Bily

I hope this instructions work… the sscvihost.exe really is getting into my nerves…. grrrr!

January 26th, 2008 at 11:50 am

zyril

hi.. i reformatted our pc..after doing so, i installed 2 anti-virus softwares, avg and avira.. still my pc got infected.. i followed both processes but still task manager and registry edit is disabled by administrator.. im using windows home edition xp version 2002. hope you could help. thanks

January 29th, 2008 at 1:40 am

Ryman

@Rahul

Hi. Thanks also for visiting.

@Bily

Don’t worry, you will remove the virus in no time.

@zyril

You can follow the steps I mentioned above to enable your task manager and regedit. Or alternatively, you can download the registry file I made…
Enable-Reg-Task.reg

You can also read my post about anti-virus… here

January 29th, 2008 at 5:57 pm

Kenneth

i’ve tried everything you that you instructed. but i still can’t get my task manager to work.

January 31st, 2008 at 1:41 am

Ryman

@Kenneth

Try this file I made. Download, then double click so that it will merge to your registry
Enable-Reg-Task.reg

January 31st, 2008 at 9:07 am

Doodee

Thanks for sharing

February 1st, 2008 at 11:44 am

zebeye

good day!
same thing happens to me,after installing UnHookExec.inf…task manager still don’t work!so i search if there is another option other than task manager,then i find this so called “process manager or explorer by sysinternals”. (just search it on the web on how to download it!)It really work the way task manager do!!!then jst continue the steps what ryman gave…

hope this will help…

thanks for helping us ryman….YOUR THE MAN!!

February 3rd, 2008 at 10:53 pm

Ryman

@zebeye

Thanks for the additional info. I also use the tools provided by sysinternals, in fact I always use “autoruns” and “regmon” tool that they have. Their autoruns tool shows you all the processes that autoruns when your computer starts up. This is where I first found the SSCVIHOST.exe worm.

February 4th, 2008 at 8:48 am

Juju

can’t thank you enough for your post, it was a BIG help. and the avira Antivir helped to. it contained them all.

thank you!!!

February 6th, 2008 at 8:09 am

KingPin

For those who want a free reliable Anti-Virus program, I suggest using AVIRA. It has almost all definitions of worms and viruses(if updated), and can easily remove them during scan. Also, it fixes bad registries made by worms. Up to now, AVIRA is the only free anti-virus program that exceeded my expectations.
For those still having problems with the TaskManager and/or RegEdit, have the registry file made by Ryman. It works.
Still got SSCVIHOST.exe?
Ryman’s Guide + AVIRA = 100% will remove it

Good Day! Thanks to Ryman for this…

February 6th, 2008 at 6:26 pm

Khaye

@KingPin

Where can i download that avira anti vrus? And what are needed to download it? by the way, what do you mean it exceeded you expectations?
i’m just curious, thanks

February 6th, 2008 at 8:03 pm

Ryman

@Juju

Thanks also for visiting.

@KingPin

I’ll also like to try that Avira anti-virus. Thanks for the suggestion.

@Khaye

You can get Avira AV at their official site at http://www.avira.com. You can try the software for 30 days, and purchase if you are satisfied.

February 6th, 2008 at 8:52 pm

KingPin

@Ryman

Hey again. Just want to ask you if you know about this: “killer.exe”
A friend of mine have this in his processes in the TaskManager. At first, it doesn’t seem harmful, but later on we noticed that system programs and applications were minimizing by themselves, and cannot be restored. And when you try to run those programs again, nothing would appear because it’s still running. Even the TaskManager was minimizing. You can only re-open it again by closing it first.
To close it, right-click the TaskManager icon on your system tray(it’s located lower right of the screen where your clock and calendar is) and select close.
Although Avira antivir fixed it, I’m just curious if that symptom (minimizing) is also an added “tweaks” in the registry.

Still studying

February 7th, 2008 at 1:50 pm

Khaye

Does this AVIRA antivir expires? because it says that it generates license key every update..

February 7th, 2008 at 5:24 pm

Ryman

@KingPin

I haven’t encountered that virus yet, but according to my research there is a safe and unsafe form of killer.exe.

There is a ‘legit’ program that runs killer.exe to stop web popups by minimizing them. Unfortunately, the one that your friend have is the trojan virus. Killer.exe also has many names, and it depends on the accompanying file. It means that not only the killer.exe process you should eliminate, but also the other files that come with it.

I can’t discuss all the types here since there are so many, but I’ll mention the two most common.

If you removed the killer.exe file and your system is restored, and there are no other after-effects, we can assume that it is the single killer.exe named KILLAV-FK TROJAN. [pcreview.co.uk]

Another variant is from an infected file called funnyUSTscandal.avi.exe, take note that this is not a legit video (avi) file because of the .exe extension. There are many, who got infected by this virus because ‘they’ thought that it was actually a video. Double clicking the file executes the virus. Too bad for those who are looking for scandals.

Anyway, aside from killer.exe, it also loads two files; lsass.exe and smss.exe. All three must be deleted and removed. The steps to remove this is much like my instructions above.

If any of the readers here are looking for instructions on how to remove killer.exe created by funnyUSTscandal.avi.exe, you can visit a great tutorial made by dindin.
iamdindin.multiply.com

@Khaye

I can’t answer that coz I still haven’t tried the software yet.

@KingPin

Khaye has a question for you, 3 posts above, and the one directly above.

February 7th, 2008 at 9:10 pm

KingPin

@Ryman

I knew it in the first place that it is the funnyUSTscandal.exe because iv’e seen it before on some internet cafe. Their pervert customers downloaded it thinking that it was originally a scandal video, which they didn’t know that is is a virus. Luckily, avira has patterns of it and removed all threats brought by the virus.
Unfortunately for me, i was hoping that It’s an oppurtunity for me to research about it. By using the RegEdit, I thought that I can look for some changes made by the virus. But I failed, ofcourse because even before I can open a path of the registry, It’s already minimized. So, I decided to look for another way to research on it. Anyway, I’m also a fan of Belldandy. Can you give me some tips on how to customize my windows just like yours?

Fact: Why does lsass.exe and smss.exe are mostly target of worms/trojans to corrupt?
Basically, is it because it’s also the most common legit file that windows use for process securities and stablity?
As far as i know, Windows is updating regularly to improve security holes and other vulnerability.

Tip: Update your Windows regularly, it helps strengthen ur security and stability of your system.
————————————————————————–

@Khaye

Sorry if I didn’t noticed your posts directed to me.
If you had already read this, I assume that you knew already where to download it, because Ryman already posted it.
To answer your question, AVIRA exceeded my expectations because, like I said, It has almost all definitions regarding worms and viruses plus it’s free, compared to other free AV software that only detects few patterns, and sometimes unable to remove it.
About the expiration, I can’t also answer that as of now, because it’s only been a week since I started using it.

Thanks for posting…

February 7th, 2008 at 11:08 pm

Khaye

Ok.. Thanks for everything.

February 8th, 2008 at 7:14 pm

ail

thank you for the SSCVIHOST.exe removal procedure. ihope i did it correctly. hoping much precise step by step on procedures next time. this is for beginners. thank you!

February 8th, 2008 at 11:20 pm

KingPin

@Ryman

Hey man, Sorry for bugging you again.
Do you know how to set a password for any folder in WinXP? I’ve searched the net, but only softwares are available to password-protect folders. Doesn’t WinXP support this feature?

February 9th, 2008 at 8:20 pm

Ryman

@KingPin

Regarding Windows customization, which part of Windows do you want to customize? Background, icons, folder icons?

Yes, lsass.exe and smss.exe is a part of windows, that’s why it is commonly targeted by viruses. Even the real SVCHOST.exe is a primary target of most trojans. Trojans (like the horse in the story of Troy), must hide inside your system unnoticed to be able to ‘attack’ your system without you knowing it.

Mac OS and Linux OS are much safer to use rather than Windows. But it doesn’t mean that windows have a lot of security holes. It’s just that Windows is the most commonly used OS in the world, that’s why it is always a target for viruses and cracks. Regular updates and patches fixes these holes. Unfortunately for those users of Windows XP (like me) we only have until April this year before Microsoft stop making updates. When Win XP service pack 3 (not the release candidate, but the official release) arrives, it is the last support we will get from Microsoft.

As for password protecting your folders, you’ll have to rely on third party softwares for that. I don’t know if there is an internal function for that in the native Win XP.

Oh and feel free to comment and ask questions anytime

@ail

Thanks also for visiting.

February 9th, 2008 at 11:51 pm

faheem

have to say, gr8 job….
that bit of advice was priceless….
had the same complaint in my computer…tried all sort of things…didn’t work…had avg as anti-virus….had to do system restore….and then deleted all the above said files….
now no problems…..actually, it started from my mp3 player….deleted files from there also….
there isn’t any problem by restoring the pc, is there?
also, i have changed my anti-virus to nod 32(well updated) and also running spybot, always….is that enough protection???
would really like your opinion….

February 11th, 2008 at 8:52 pm

Ryman

@faheem

I guess you won’t encounter any more problems in your PC since the virus was removed. I use the same anti-virus as yours, although instead of NOD32, I use ESET Smart Security with the included NOD32 plus a firewall. Also aside from Spybot, install Lavasoft Ad-aware anti-spyware. And use Mozilla Firefox browser, instead of Internet Explorer.

February 13th, 2008 at 7:29 am

Meku

Dear Ryman;
I really appreciate what you stated as means of removing virus/worms from person computers.

I am now getting a simlar problem. A type of vicrus appears with name ‘Folders.exe” hides all my folders in my USB stick. Even it infected my laptop local disks. But, the virus hides itself aslo. by using Folder Option, I tried to remove it manually, but it appears again after a moment. I treid to recover my folders on my USB stick using all poosible ways.
So, can you help?
Thank you in advance.
Meku

February 15th, 2008 at 7:58 pm

faheem

thanks…..that was helpful…..keep up the good work…

February 16th, 2008 at 10:46 am

Ryman

@Meku

It keeps re-appearing because (1) the virus is still running in the background, check your task manager and (2) the virus auto executes itself or another file to replicate the one you’ve deleted.

Check the tools found at sergiwa.com if it can remove the virus for you, if not, you really need to plug your USB drive into a computer with an updated anti-virus.

When plugging a USB drive and you know it is infected, press and hold the SHIFT key immediately after you plug it, this is to prevent it from autorunning.

@faheem

Thanks for visiting

February 18th, 2008 at 12:08 am

Vashiel

Hi Ryman! Thank you for this guide. I dont even have to reformat my hard disk just to remove these virus. I’d say you are great!! Thank you for this site. God bless!

February 21st, 2008 at 12:40 pm

Ryman

@Vashiel

I’m glad my guide helped. Back then when I wasn’t knowledgeable about this kinds of stuff, I usually resort to reformat.

February 21st, 2008 at 6:30 pm

Nikko Fojas

I already downloaded the UnHookExec.inf.
And tried installing it as was said on the instructions.
But how come my TaskManager is still disabled??

February 24th, 2008 at 9:24 am

Ryman

@Nikko

You can just use the file I made to enable regedit and task manager, it only works for Windows XP.

Right click here and save as to download. Once downloaded, double click the file and it will edit your registry, remember you have to be in safe mode.

If you are still having problems, comment back here.

February 24th, 2008 at 7:36 pm

Nikko

Thanks… Problem solved!!!

by the way… when I used the file yo made (XP pc), it allowed me open my task manager but it instantly closes so I cant see the processes running. so i used the unHookExec file…

Just want to ask what’s the reasonwhy that happened, the closing of task manager thingy..

March 2nd, 2008 at 1:09 am

Ryman

@Nikko

It is because of the virus (or maybe something else?). I haven’t encountered the auto closing window. Anyway, I really do suggest using UnHookExec.inf first, and if that doesn’t work, try the file I made.

BTW, you can view the contents of the file I made if you open it in notepad, just to see what changes it will make to your registry.

March 2nd, 2008 at 9:25 am

momopi

thank you very much dude, you saved my PC.

i’m just wondering why my AVG detected the SRT - Sohanad Removal Tool as a trojan. I was able to download it before but now Firefox wouldnt access the file anymore

March 5th, 2008 at 1:32 pm

Ryman

@momopi

That’s one of the problem of AVG. I once use AVG sometime ago, but I changed to another anti-virus software because the program is detecting too many ‘false positives’

You can read about it at my post here

March 5th, 2008 at 10:54 pm

ms. mendoza

wow! galing talaga ng pinoy! tnx for the guide! you’re a big help! sscvihost has been pissing me off for more than a year already. finally! i found ya! now i know where to run to, whenever i need help on removing virus and spyware. mabuhay ka kapatid!

March 19th, 2008 at 2:43 pm

Ryman

@Ms. mendoza

I’m glad my post helped in removing the virus from your computer. If you still have problems or questions, just comment back here.

Salamat sa pag bisita dito.

March 19th, 2008 at 10:03 pm

madhu

hello sir,
i have a problem in my system where there’s a messge coming right at its start.. it says the file sscvihost.exe is found missing n so on.. i scan my system n got this virus deleted.. but still this message seems to pop up every time i start my comp.. plz help!! thanks in advance!!

March 20th, 2008 at 1:11 am

Ryman

@madhu

There are a few reasons why this happens.
1. The SSCVIHOST.exe file is called in your autorun. Type msconfig in your run box then go to startup tab. If there is a line there with the said filename, delete it.
2. It is still called in the registry. Type regedit in your run box. Then press CTRL+F on the Registry Editor. Type SSCVIHOST.exe and start searching. If found, delete the entry. Keep pressing F3 to continue searching the whole registry.
3. You have an autorun.inf file at the root of your drive. Delete it.

In addition to #1. Sometimes the system doesn’t see the file. You have to use a tool created by Microsoft for this. It is called autoruns and you can download this free small program at sysinternals.

Once downloaded, just run the file autoruns.exe and you can see all the programs that automatically runs from your system.

March 20th, 2008 at 8:47 am

madhu

Thanks loads for your timely help Ryman.. i didnt know how to perform this point of yours in your solution ” You have an autorun.inf file at the root of your drive. Delete it.”
anyways, even without doing it my problem is solved now.. the message doesnt pop up now..
i have another problem.. my storage devices are affected by viruses of the same sort like sscvihost.exe, autorun.inf etc.. my ipod n creative mp3 are affected becoz of this.. can u tell me a safe method to clean them without the viruses attackin my system? becoz of this fear i dont even charge my ipod in my system.. kindly help me!! thanks once again!!

March 20th, 2008 at 2:16 pm

Ryman

@madhu

In the case of USB flash drives, MP3 players (like your iPod and Creative), and external USB devices which have a storage here’s what you have to do.

1. First, open Folder Options from the Tools menu, in your explorer or any open folder.
2. Click the View tab and select the option Show hidden files and folders and uncheck Hide protected operating system files.
3. Click Apply, then Ok.
4. Plug your USB device while holding and pressing the SHIFT key from your keyboard. This is to prevent it from auto-running and spreading the virus. Wait until it stops reading before you release the SHIFT key.
5. Go to My Computer, and right-click the USB device from there. Choose the option explore, don’t choose autorun or open.
6. After opening the portable USB device. You can see the files related to the virus there. Delete the files that have names like these:

autorun.inf
SSCVIHOST.exe
blastclnnn.exe
New Folder.exe
__.vbs
__.exe
__.reg
funnyUSTscandal.avi.exe

or any other suspicious files you see.

After doing this, reset the setting I mentioned on #2.

The first four files above are from the Blaster Worm virus, and Sohana-D worm virus. Other files I’ve mentioned are from other types of worms and trojans that I’ve encountered in other infected USB devices. Remember that if you see any autorun.inf file in any type of external device like MP3 players, USB drives, memory cards, digital cameras and even mobiles phones, you have to delete it.

Sometimes, there are some devices that actually use this file. As a precaution, you can open autorun.inf in notepad to see its contents. If the filenames mentioned inside the files are suspicious, then look and find these named files, and then delete it.

If you are not sure if the autorun.inf file from your portable device is from a virus or a legit file. You can zip/rar (compress) it, as a backup, then delete it. That way if anything goes wrong, like your device doesn’t play anymore, you can restore it.

March 20th, 2008 at 6:12 pm

madhu

hello sir,
i did what u mentioned in your previous post but in vain.. the files like autorun, regsvr, newfolder. exe are immediately coming back after i delete it.. they’re gone for a second but come bac immediately.. kindly help..
thanks!!

March 22nd, 2008 at 4:19 pm

Ryman

@madhu

It keeps coming back because the virus is actively running in the background and you haven’t entirely removed it. You have to do the process I mentioned in safe mode (the whole removal process of SSCVIHOST.exe).

Also you have to check your registry (regedit) and autorun (use the autoruns file from sysinternals I mentioned above) to remove and prevent it from auto-running.

You have to do all of this with your USB devices not plugged in. Make sure that the virus files are gone, use process explorer from sysinternals to check all active running processes..

March 22nd, 2008 at 6:22 pm

dindin

hi! hope you don’t mind. you can also use task killer to be able to see all the running processes and windows in your computer when your task manager is disabled
http://www.rsdsoft.com/task_killer/index.php4

when you have already installed it, simply click the icon then you’ll notice that you’ll find the task killer icon in your system tray. simply click it once(left click) to stop unwanted processes or windows

Ryman // Mar 2, 2008 at 9:25 am

@Nikko

BTW, you can view the contents of the file I made if you open it in notepad, just to see what changes it will make to your registry.

March 27th, 2008 at 4:14 am

akash

hi ryman
i couldnot make the view hidden files from the folder option if i try that it will work and if i got back to check the settings the view hidden files would had already gone to donot show the hidden files button . can u plz help me out of this.
thanks in advance

March 28th, 2008 at 3:58 am

akash

i have checked the taskmanager and regedit both works but i couldnt make the show the hidden files enable despite the folder option is being working. what do i do to show the hidden files. i tried to remove it from the regedit but when i change the value form 2 to 0 the value again rolls back to 2 and i cant see the hidden files and folders . can u give me the solution i am using xp sp2.
thanks

March 28th, 2008 at 4:24 am

Ryman

@akash

I think you have another type of virus, since SSCVIHOST.exe doesn’t affect the hidden files settings. In any case, you can use the Remove Restrictions Tool by downloading it at sergiwa.com

March 28th, 2008 at 8:51 am

akash

hi reyman
since i couldnot see the hidden files i dont know the name of the virus , i could tell you only its effect even nod32 and antivir antivirus cant detect it.
can u give me the other solution
thanks

March 29th, 2008 at 12:10 am

Ryman

@akash

I couldn’t guess what type of virus you have because there are many viruses with similar effect that you have now. Did you try out the tool I mentioned in my reply above? You really have to enable show hidden files and folders.

In DOS prompt, there is a way to see the hidden files. Just type dir/p/a:h then press enter

March 29th, 2008 at 9:04 am

Rouie

Hello.. Im from phil. too. Thanks to this site. I had just found out last night that my pc has thsi virus. I kept on erasing the files and thos ethat are in the regedit but they kept on coming back. This really helped a lot. I would just liek to add a software that enable dme to view the processes and edit the regedit. You can also use TuneUp Utilities 2006…

March 29th, 2008 at 10:03 am

Ryman

Thanks for that tool suggestion Rouie

March 29th, 2008 at 10:11 am

Rouie

NOTE:

“UPDATE 2008.01.23: For an easier removal of the SSCVIHOST.exe (Sohana D) worm virus, you can get a tool to remove it at sergiwa.com
Download SRT - Sohanad Removal Tool to remove the virus and its accompanying files
Download RRT - Remove Restrictions Tool to enable RegEdit, Folder Options, Task Manager, etc.”

The download is a trojan horse

March 29th, 2008 at 12:28 pm

Ryman

@Rouie

May I ask from what source?

March 29th, 2008 at 12:53 pm

Robin

I was able to remove the file thru AVG anitvirus sw and now there is no virus but whenever when i restart my comp i am getting error “Windows cannot find SSCVIHOST.exe. Make sure you type the correct file name or else click start and search for the file”
Pls suggest resolutions.

April 16th, 2008 at 5:29 pm

Ryman

@Robin

The virus file SSCVIHOST.exe is removed, but Windows is still looking for the file because it is trying to load it. You have to manually remove the entry in your registry to stop the error.

To do this just follow the THIRD step I mentioned in the above guide in editing the registry.

April 16th, 2008 at 9:11 pm

Robin

thanks buddy. i just removed the sscvihost.exe entry but rest of the other entries were not available to be removed. This resolved the issue. Thanks buddy.
I have one more issue, while shutting down my comp its just gets struck at the shutting down window and i have to manually shutdown the system. What do u think the issue should be? thanks much for your support buddy!!

April 21st, 2008 at 1:42 pm

Ryman

@Robin

There are many causes for that error. The ones I can think of are: (1) some of your Windows system file is corrupted, and need to be replaced or re-installed, (2) there is a program that doesn’t exit properly and it is causing a stuck-up at shutdown, (3) a hard disk problem, try defragmenting or using scan disk.

I’ve encountered that problem a few years back, but I can’t seem to remember what I did to fix it. Or it just fixed it self.

April 21st, 2008 at 11:00 pm

dorxie

ryman,

thanks for your very informative entry here. however, here’s my problem with regards to the newfolder.exe virus:

1. I noticed that i have that newfolder.exe on my desktop and i assumed that it may be a virus.
2. my task manager, folder options, run, search, and reg edit were disabled.
3. i was able to bring back all the disabled commands, so i am no able to access task manager, reg edit, etc.
4. newfolder.exe is still on my desktop. i noticed that i have autorun.inf in my C: drive and when opened in notepad, it’s calling to run a program called twinz.exe (i think it’s a virus too)
5. tried to delete both autorun and twinz.exe but IT KEEPS COMING BACK.
6. i also have both files in my USB and my other partition drive D:/.

my theory: the newfolder.exe is caused by twinz.exe.

i am no super computer techie but i sorta understand the language. hope you can help me =)

any help from you will be very much appreciated. thanks!

dorxie
manila, phils

April 23rd, 2008 at 1:54 pm

dorxie

typo from my previous comment entry:

3. i was able to bring back all the disabled commands, so i am NOW ABLE to access task manager, reg edit, etc.

April 23rd, 2008 at 1:56 pm

dorxie

additional comment:

i tried running the program you suggested, autoruns. found out that one program is running. it is called “software”, publisher is “vanzame” and it has the path C;/windows/system32/spools.exe.

vanzame is also the publisher of twinz.exe. what do you think abotu this? thanks.

April 23rd, 2008 at 2:04 pm

Ryman

@dorxie

I’ve done a quick research regarding your problem. Anyway, most of what you’ve already mentioned are true.

- The newfolder.exe on your desktop is definitely a virus. And any other “folder type” that has a .exe ,.com, or .bat, so it’s best to remove it.

- autorun.inf that exists in your root folder like c:\ is always a virus. Before you remove it, open it in notepad and make a note on which filenames it is executing, then delete it.

- twinz.exe (if my sources are correct) that is being executed by the autorun.inf file is a virus. According to various sources it is a custom made virus, that is why there are a lot of anti-virus softwares that hasn’t detected this virus yet.

- I did a search on the keyword “vanzame” and it didn’t return any relevant results. In short, it is not a legit file.

Regarding spools.exe

File spools.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 2125312 bytes (37% of all occurrence), 260608 bytes, 64000 bytes, 671232 bytes, 1777152 bytes, 729088 bytes.
The file is a file without information about the maker of this file. It is not a Windows core file. The program is not visible. File spools.exe is an unknown file in the Windows folder. The program uses ports to connect to LAN or Internet. The process is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). spools.exe is able to hide itself, record inputs, monitor applications, manipulate other programs. Therefore the technical security rating is 88% dangerous, however also read the users reviews.

I will post the possible solution on my next reply here.

April 23rd, 2008 at 6:29 pm

Ryman

@dorxie

Removing the twinz.exe virus, including newfolder.exe and spools.exe

The virus is both a trojan and a worm.

Here’s what you should do. But first remove any USB drives that are infected. And also you need to have the programs (1) Autoruns and (2) Process Explorer from sysinternals.

1. Start windows in Safe mode (F8).

2. Start regedit, then do a complete search. To do this, highlight My Computer on the regedit panel, then press CTRL+F. Remember to press F3 to continue searching. Search for these keywords:
newfolder.exe
twinz.exe
autorun.inf
If found, delete the entry. Just highlight it, then press DELETE key.

3. Start Process Explorer. Look at the running processes. If the above mentioned files exists, kill it. Also check if spools.exe is running, if it is highlight it to check if it is a legit Windows file or not. Read my comment above this one regarding spools.exe.

4. Start Autoruns. Look for the process that are running/executing the above mentioned files, including spools.exe. If they are found, delete it. Be careful in deleting spools.exe, if its publisher is Microsoft Corporation, then it is a legit file.

Check the spelling, sometimes virus makers tags a virus with almost the same spelling like Micro$oft Corp. or Yahoo Messengger. Always check the spelling.

5. You will have to delete the files from your hard drive very much like the SECOND and FOURTH steps I mentioned in the above guide (in removing SSCVIHOST.exe). But instead look for these files:
newfolder.exe
twinz.exe
autorun.inf

The SECOND method is using DOS mode. Since I don’t know exactly where the files are located you have to find them yourself. You can use the method similar in the FOURTH step since it is windows based and your folder options are already running.

5.1 Next, search your hard drive for the file: spools.exe. We can’t be too sure if it is legit or not, but just to be on the safe side, I would suggest you backup the file before deleting it. One way to back it up is to compress it in a .ZIP or .RAR file, that way it won’t execute easily.

5.2 Also check your other drive d:\ e:\ f:\ and so on for these files. Then SHIFT+DEL it so it won’t go to the recycle bin. Remember your root drive c:\ d:\ e:\ etc must not have any autorun.inf file

5.3 Remove the files from your USB devices like: USB drive, memory card, digital camera, mp3 players, and even your mobile phone. All of these can also be infected, believe me when I say that my MP4 player always got infected, and a friend’s mobile phone.

Remember to hold the SHIFT key when inserting USB devices to stop them from auto running and infecting your computer. All of the USB devices I mentioned above must not have an autorun.inf file on its root folder. But be careful, because there are some USB devices that actually use a legit autorun.inf file. So make a backup (ZIP/RAR), or check its contents by opening it in notepad.

6. Now all the registry entires, autoruns, processes, and the actual files are deleted, you can re start your windows normally.

————–
Also, like I always do, make a backup if you are not sure about what you are deleting. To backup the whole registry, just highlight my computer (in regedit), then select export on the file menu. So if anything happens, like you are getting errors and stuff, you can use the import (or just double click the exported file) function. To backup files, just ZIP or RAR it.

I also suggest using The Ultimate Troubleshooter. It shows all the process that are running, and also the startups. What I like about this program, is that it gives additional info and every little details on the known programs that are currently running. It is free and no installation needed.

Oh and please give a feedback of the results or anything that I’ve missed. I haven’t got a chance to encounter the virus you mentioned so I’m not entirely sure if the process I made is complete.

April 23rd, 2008 at 7:13 pm

oliver

Thanks a lot. You don’t know how great full i am removing this stupid virus.

May 27th, 2008 at 10:14 am

AALLx

Thank you very much for this very helpful guide. I surely could not have removed this virus without your help ^_^

June 16th, 2008 at 10:28 pm

Jan

100

After I press F8 Safe Mode option is not shown on the menu only these:

1st FLOPPY DRIVE
HDD: PM-SAMSUNG SP08822N

Help!

June 20th, 2008 at 5:15 pm

Ryman

101

@Jan

What operating System are you using? Is that Windows XP, or another version of Windows? or another O.S.?

June 21st, 2008 at 4:32 am

geelah

102

hello! i just want to ask, how can i remove or repair the error messages that appear on the screen whenever i turn on the computer? here it goes:

Windows cannot find C:\WINDOWS\System32\Tools\DelFolders.exe
Make sure you typed the name correctly and try again To search for a file, click start button and search again.

and

Windows cannot find SSCVIHOST.exe
Make sure you typed the name correctly and try again To search for a file, click start button and search again.

Thanks in advance.

June 23rd, 2008 at 7:13 pm

geelah

103

hello! i just want to ask something, on following your steps above, i can’t figure out why there’s nothing happening whenever I press F8. A menu should appear right? but why is it a supposedly menu doesn’t seem to appear? what should I do in dealing with this? Thanks in advance!

June 23rd, 2008 at 9:11 pm

geelah

104

hello! its me again..wow! pinoy ka pala..pano ko po malalaman ang sagot nio? do i need to open this site over and over again or ul just send an email? i am using Windows XP and the anti virus currently installed is AVIRA..thanks!

June 23rd, 2008 at 9:33 pm

Ryman

105

@geelah

Sorry for the late reply

1. A quick solution for your first problem (first post) is use Autoruns from Sysinternals, which you can download for free at technet.microsoft.com.

After you download the file, just double-click the file to start it. Then look for entries that match “DelFolders.exe” and “SSCVIHOST.exe” then disable it, or better yet delete it. You have to look in each tab and make sure you remove it.

2. The F8 menu appears on every version of Windows. Try restarting your computer then keep pressing F8 until a menu appears, and before Windows starts. If nothing happens, tell me what showed up on your screen.

3. Hmmm… I usually open this site early morning and late night, so I’ll be replying here. And yes I’m a Filipino.

June 23rd, 2008 at 11:45 pm

Ryman

106

Pahabol…

There are two possibilities I can think of regarding the F8 malfunction (not working).

But before we get to that, first try to boot normally in Windows, then Start your Run box, and type msconfig. Then go to BOOT.INI tab and check the box /SAFEBOOT

When you restart your computer, it will go into safe mode. Just do the process again in Windows safe mode, and uncheck the box to start back to normal Windows.

———-

If the above method doesn’t work…

1. You are using a USB keyboard, and not the old PS/2 type. If this is true, you have to go to your BIOS then go to setup utility and enable the USB legacy support. That should fix F8 key not working.

To go inside your BIOS, just restart your computer and as soon as the first message appear on your screen look down at the bottom part to see which key opens your BIOS, it can either be the DEL key or F2, or sometimes other keys. Press it as soon as you see it.

2. Another possible reason is the NTLDR file is missing or corrupted. Here is an excerpt on how to restore this.

to restore your missing NTLDR, boot from your XP installaton CD into the Recovery Console, at the command prompt type the following two commands, pressing Enter after each one:

copy d:\i386\ntldr c:\

copy d:\i386\ntdetect.com c:\

(In the command listed above, d: represents the drive letter assigned to the optical drive that your Windows XP CD is currently in. While this is most often d, your system could assign a different letter. Also, c:\ represents the root folder of the partition that Windows XP is currently installed on. Again, this is most often the case but your system could be different.)

If you’re prompted to overwrite either of the two files, press Y.

Take out the Windows XP CD, type exit and then press Enter to restart your PC.

Source: computing.net

June 23rd, 2008 at 11:58 pm

geelah

107

thanks! salamat talaga! good day! =p
God Bless you! =p

June 24th, 2008 at 2:03 pm

geelah

108

kuya, wala na ung nagaappear na dalawang dialogue box whenever i restart the pc. i.ve followed your instructions above about the autorun. But here’s another problem, whenever i hit F8, nothing appears. what menu should appear? Probably, i’ll follow the other step:

“But before we get to that, first try to boot normally in Windows, then Start your Run box, and type msconfig. Then go to BOOT.INI tab and check the box /SAFEBOOT

When you restart your computer, it will go into safe mode. Just do the process again in Windows safe mode, and uncheck the box to start back to normal Windows.”

And I am not familiar with NTDRL file. lol. =p

Kapag lumabas na yung safe mode na yun, i’ll start removing the virus by following the provided (long)procedures above. Kaya lang natatakot ako baka kasi magkamali ako.lol

On the other hand, salamat sa time at pasensya na rin sa kakulitan ko at sa istorbo. lol
=p

Good day and God bless you for sharing your knowledge.. =p

June 24th, 2008 at 3:04 pm

geelah

109

which is easier? downloading the suggested tool above or following the step-by-step procedure?

If I download this:SRT - Sohanad Removal Tool to remove the virus and its accompanying files, do i need to uninstall my current antivirus (avira)?Because some anti virus are not compatible with others, so, they demand to uninstall some.

Do I need to download both the Sohanad Removal Tool and RRT - Remove Restrictions Tool to enable RegEdit, Folder Options, Task Manager, etc?

A million thanks…=p

June 24th, 2008 at 3:43 pm

geelah

110

bakit ganun?akala ko natanggal ko na yung autorun pero nung sinindi ko ulit itong pc bumalik ulit yung sscvihost.exe… haays

June 24th, 2008 at 8:49 pm

Ryman

111

@geelah

You can try using the tool above, but some anti-virus software detect the tool as trojan, which is just a false positive.

But to be safe, just follow the long instructions above. You can “save as” this page so you can open it when you are in safe mode, or you can just copy this in your notepad.

As an alternative, if you don’t want to use the Restrictions tool above, you can just download a registry entry I made to enable Regedit, Folder options and task manager.

Right-click and save target as…

Enable-Reg-Task.reg
Enable-Explorer-FolderTools.reg

After downloading, just double-click to merge it into your registry. And you can skip the second half of the Third step above.

About naman sa SSCVIHOST.exe babalik talaga yan hanggat hindi mo naalis lahat ng files niya sa computer mo. Yung tinanggal mo sa autorun, instructions lang yun para hindi umaandar yung virus, pero yung virus nandyan pa rin.

Just do the step-by-step process above to remove the virus completely.

Feel free to ask again anytime.

June 25th, 2008 at 1:34 am

geelah

112

hey it’s me again..=p
i just want to ask some questions regarding the ‘removing of the SSCVIHOST.exe’.

i tried to press Start then Run box, and type msconfig. Then go to BOOT.INI tab and check the box /SAFEBOOT

but a dialogue box appeared. it says:

“An access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes.”

Successfully, i restarted the pc using the safe mode but again a dialogue box appeared:

“System Configuration Uility
You have used the System Configuration Utility to make changes to the way windows starts. The SCU is currently in Diagnostic/Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts. Choose the Normal Startup Mode or the General tab to start windows normally and undo the changes you made using the SCU”

-san ko po ba makikita yun? I have typed misconfig in the runbox and unchecked the safeboot para pag nirestart ko, it would go back to normal.

-A while ago, nung naka safe mode na, diba sabi nio po the task manager will be working by then, pero hindi pa rin sya gumana.. bakit kaya? kaya tuloy, diko na tinuloy yung following steps to remove that stupid virus.lol.

-saka, how would i log on using an administrator account?eh yun naman ata yung gamit ko, ung computer administrator.

-kapag po ba natnggal na ung sscvihost, wat files will be erased?ung affected lang by the virus or lahat ng nasa my documents or my computer?

THANKS in advance…God bless you.

June 29th, 2008 at 4:28 pm

geelah

113

Unfortunately po, bumalik po ulit agad yung dialogue box na to:

Windows cannot find C:\WINDOWS\System32\Tools\DelFolders.exe
Make sure you typed the name correctly and try again To search for a file, click start button and search again.

yung delfolders.exe po na yan, virus din po ba?

June 29th, 2008 at 4:33 pm

Ryman

114

@geelah

Hello again

Since you’ve already managed to login under safe mode then that means you can do the necessary steps to remove the virus.

Don’t worry about the dialog boxes that appear since by the time you have removed traces of the virus it will be gone as well.

1. In your Msconfig, just go to the first tab (General) and select Normal Startup to revert to the original settings. ANd also go to BOOT.INI tab and uncheck /safeboot if you are not going to boot into safe mode.

2. Na disable ng virus yung task manager. Use the registry file I made. Yung link nasa top the comment mo ang names ay:

Enable-Reg-Task.reg
Enable-Explorer-FolderTools.reg

3. Para malaman mo na ikaw talaga yung administrator. Sa start menu, click mo lang yung image/picture sa tabi ng name mo. Yung nakalagay sa maliit na square sa taas ng start menu. Yung lalabas na window, click mo yung Home. Then “Computer Administrator” dapat nakalagay sa baba ng name mo.

4. Yung files na namention ko sa steps above yung kailangan alisin. Since yung SSCVIHOST.exe is a worm virus, hindi naman nya sisirain yung files mo, unless modified version yun. So wag mo na alisin yung mga files ng computer mo except yung virus files.

Yung delfolders.exe ay kasama ng virus, dapat alisin mo yung file manually sa safe mode. Yung SECOND step sa procedure ko sa taas, i-add mo dun sa steps na aalisin na files yung delfolders.exe like this

attrib -h -r -s delfolders.exe
del delfolders.exe

June 30th, 2008 at 7:49 am

geelah

115

hello! it’s me again.
kuya, gumana na po yung f8 kaso ang mga pagpipilian lang na nakalagay ay:
1st floopy disk
ST340014A
and
ASUS CRW-523A4

wala naman nakalagay na safe mode…
what does it mean?
thanks again! =p

July 1st, 2008 at 2:28 pm

GOKUL

116

Thank you for the information.

July 8th, 2008 at 12:05 pm

Ryman

117

@geelah

Piliin mo lang yung hard disk mo, ST340014A then press mo ulit F8 para lumabas yung menu na galing sa Windows.

July 12th, 2008 at 3:32 am

geelah

118

ok thanks po! =p

July 12th, 2008 at 4:35 pm

Sylune

119

Thanks for doing this for us! I just got recently infected when my friend transferred files from his PSP to my pc.

However, just to let you guys know, the virus somehow is spelled differently. Instead of SSCVIHOST.exe, it’s spelled either SCVVHSOT.exe or SVCCHOST.exe.

But I managed to remove it, thanks to your extremely helpful removal guide. More power to you!

July 16th, 2008 at 11:33 am

Sylune

120

by the way, do you know a way how to get rid of that file in the psp? thanks again! =3

July 16th, 2008 at 11:35 am

Ryman

121

@Sylune

Yes, the spelling of the virus is often changed so that it would be a little harder to detect.

Anyway, to remove the virus from your PSP, here is what you should do.

1. Plug your PSP USB to your computer, while pressing and holding the SHIFT key so that the autorun won’t execute.

2. Then open it in your My Computer. Take note that DO NOT double-click the removable drive (which is your PSP drive). You have to right-click on the icon and choose explore. Double-clicking it will sometimes execute the virus.

3. Your Folder options settings should show all hidden files, and uncheck the hide system files . Just like the FOURTH step on the procedure above.

4. Delete autorun.inf on the root folder of your PSP, and any other file you see there. If my observations are correct on my own PSP, there wasn’t any file on the root drive of the PSP, except the two files (I forgot the name) which has a zero byte filesize.

5. Check also the other folders on your PSP if there are any file that has a .exe (Application) extension. You can see it if you view the files using Detailed View. Also check for dubious folders, there are some folders that have a .exe extension which is related to the virus.

6. Also be careful in deleting files. If you are unsure if the file should be deleted or not, just compress it using zip or rar so that you can restore it again. Delete the file in question and keep the compressed file as a backup.

July 17th, 2008 at 5:42 am

geelah

122

hello kuya! it’s me again! ngayon lang ako nagkatime na ayusin ulit un virus. Anyway, gumana na ung task manager, natapos ko lang yung FIRST step hanggang number4 kc po under dun sa end task the following, wla namang blastclnnn.exe, new folder.exe at SSCVIHOST.exe

ang lumabas under sa processes tab eh “svchost.exe”

nakakalito, are they the same? saka inend task/process ko na sya kaso nagshushut down at pag ni reboot ko naman at icheck ang task manager, andun pa rin. kahit i end task ko, pag sinindi ko tong pc, nasa task manager pa rin ung svchost.exe tatlo pa ang entry yung isa username nia yung system at yung dalawa ung administrator namin. what does it mean?

saka ko po pla,namerge ko na rin ung pinamerge nio dati kaya pwede ko na iskip yung second half sa third step.

dun po ba sa SECOND step #2, do i need to press enter for me to type the following entries under #3?

Thanks ulit! =)

August 9th, 2008 at 2:08 pm

Ryman

123

@geelah

1. Yung svchost.exe normal lang yun, windows ang gumagamit nun kaya wag mo delete or end task.

2. yup pwede mo na skip yun

sa tingin ko ok na naman yung pc mo since yung mga files ng virus na dapat i delete mo ay wala na

August 11th, 2008 at 2:08 am

mulyadi indra

124

bravo to this site..

thank u

August 11th, 2008 at 4:32 pm

geelah

125

ah ganun po? thanks! eh kasi po ang bagal pa rin ng PC. oo nga po, lagi ko iniiscan at lagi nkaupdate ung avira antivir namin, wala naman nadedetect na virus pero super bagal pa ring magread. saka andun pa din ung error message n

Windows cannot find C:\WINDOWS\System32\Tools\DelFolders.exe
Make sure you typed the name correctly and try again To search for a file, click start button and search again.

August 11th, 2008 at 9:28 pm

Ryman

126

@geelah

baka kailangan ng i maintenance yang PC mo, like reformat or defragment para bumilis. anyway, gawin mo yung step five sa taas para maalis yang error message na yan.

August 12th, 2008 at 8:54 am

geelah

127

ok! a million thanks again! God bless you always! =)

August 12th, 2008 at 8:32 pm

micoh

128

ryman

i want to ask you about the cmd thing, when i run it my pc automatically shuttingdown….why is it…because im attmpting to fix the sscvihost.exe thing so as you said in your guide i will use the dos com so i try it ans there goes the other problem that shuttingdown thing….

September 4th, 2008 at 2:01 pm

Ryman

129

@micoh

it is because of a virus. if you want to use the cmd at the run box, just open another run box and type in

shutdown -a

don’t click Ok or press enter, just leave the box there, and just open another run box then type cmd to go to the dos box.

oh and that is caused by another type of virus, unfortunately, I forgot its name.

September 4th, 2008 at 10:03 pm

Marife

130

kuya thanks na khit d q p nttry burahin yung virus s cp ko. thanks for the info…

September 11th, 2008 at 2:27 pm

micoh

131

@rynman

still the same how to fix it……the ssvihost.exe is fix already. this the only problem left im encountering….can you help me…to solve this…?

September 16th, 2008 at 11:38 am

Zef

132

Hey Ryman, I do understand all of this, but am encountering a problem too,once I’ve downloaded the UnHookExec.inf, and when i use the safe mode and go into “administrator”, I can’t locate the file there as its been downloaded and placed on the desktop of my other user. How to I find that file????

Second thing, you have given some extra info ( copy pasting below) :-

UPDATE 2008.01.23: For an easier removal of the SSCVIHOST.exe (Sohana D) worm virus, you can get a tool to remove it at sergiwa.com
Download SRT - Sohanad Removal Tool to remove the virus and its accompanying files
Download RRT - Remove Restrictions Tool to enable RegEdit, Folder Options, Task Manager, etc.

——————————————————————-

I tried this. But when i download the first one (SRT) - it gets scanned and does everything necessary but it doesn’t detect the virus. But after I restart my laptop, the error message “bla bla bla SSCVIHOST.exe cannot be opened bla bla” doesnt appear anymore. Then once i use the RRT option, i am enable the CTRL - ALT -DEL option and folder options too. But I want to recheck if the virus is still present in my laptop or not, as the SRT scanned,deleted and found 0 viruses. Now what should I do?? How can i recheck?? or how can I use your method as run as an administrator and install UnHook…..

Sorry for keeping it long

Thanks anyways - Please reply

September 23rd, 2008 at 3:06 am

Ryman

133

@Zef

1. You can download the file again and save it to your c:\ so you can easily locate it.

or as an alternative you can use the file I created Enable-Reg-Task.reg

Just richt-click, save file as, and when it is in your desktop, just double click it.

2. To check if the virus is still there you can use a free scanner like Malwarebytes.org

or check your registry by doing the 3rd step above and the fourth step above..

3. Since you are not getting the error anymore, It may also mean that the virus is gone. If you are running an anti-virus software, update it then scan your whole computer.

If you don’t have one, you can download a free trial of ESET NOD32 (which I highly recommend) then scan your laptop.

September 23rd, 2008 at 4:53 am

Zef

134

The error message doesn’t pop up on restart anymore so I don’t think the virus is still in my laptop.

I have also downloaded yahoo messenger again and I don’t get any complains about “weird website links” from my friends so I think the SRT and RRT have done their job even though I wasn’t notified.

Thanks for all your help bro. Truly appreciated. Don’t think would be needing ESET NOB32 as I have Norton Anti - Virus ( which wasn’t able to detect the virus even though i have an updated 2008 version and pay for it yearly ) Have scanned my laptp now with Nortain AV and no viruses detected so I think am not in danger anymore. Even though Norton did aware me and blocked a few viruses when i plugged in my USB ( Maybe it couldn’t stop all the viruses from entering and managed to block only a few) . Now i need to know, how can i uninstall RRT ??? Or atleast how can i stop that pop up with always irritates me when i immediately start my laptop…??

Sorry for disturbing you time and again but it would be good if you could help. What should i do to the RRT now??? Can’t find any options to uninstall or delete it from my laptop

Thanks anyways

September 23rd, 2008 at 8:38 pm

Ryman

135

@Zef

As far as I know RRT doesn’t need to be installed. You can just delete the file where you placed it. also check your system tray if it is there. just right click on it, then select exit/quit.

If it is showing a popup window when your computer starts, check the following:

1. Your startup. Type msconfig in your run box, then go to startup tab. just uncheck it, if it is there.

2. Run regedit, then click edit, then find, and type the executable name of RRT. do a search, if it is found then delete the entry.

if you still have more questions feel free to post back

September 23rd, 2008 at 10:46 pm

Zef

136

Thanks a lot - Did the necessary through msconfig

Thanks again

September 23rd, 2008 at 10:56 pm

jjmaki

137

I did this on my computer and it totally works but my mom’s laptop is infected but it always say “Windows cannot find SSCVIHOST.exe. Make sure you type the correct file name or else click start and search for the file”. i tried to type that third step but it’s still has the symptoms, Task Manager and RegEdit doesn’t work, i uses process explorer but SSCVIHOST.exe isn’t there, please help

September 28th, 2008 at 6:29 pm

Ryman

138

@jjmaki

That happens because the executable file is still being called from an autorun command.

1. First you have to enable your task manager and regedit.
Enable-Reg-Task.reg

right click the file above, save it, then double click the file to merge it to your registry. it should enable both the process.

2. go to safe mode. and follow the third and fifth step. task manager should be working as well as regedit.

September 28th, 2008 at 10:21 pm

jjmaki

139

i used Enable-Reg-Task.reg but it still doesn’t work

October 3rd, 2008 at 9:45 pm

Ryman

140

jjmaki

It should work. BTW are you using Windows XP or some other OS?

October 3rd, 2008 at 10:54 pm

dhani

141

Hi, I’m dhani from Indonesia
Thank you for posting this article, its really useful.
I have this problem when i use my friend flashdisk, and it make me wanna cry cause of this sscvihost.exe
until I found you on this website. I really thank you so much,
I also post your articel in my blog. I hope it okay…

October 11th, 2008 at 8:54 am

sylunedarkchylde

142

Haha! My friends like using my pc and with their flash drives comes new viruses every single time. Good thing you still have your very helpful page here. I keep coming back to it; it is very reliable! It may not be the exact same virus but the removal steps here work like a freaking charm! Thanks a lot dude!

October 13th, 2008 at 2:58 am

sylunedarkchylde

143

@jjmaki

sometimes the virus comes with a different spelling. Try to exchange letters here and there. Mine was SCVVHSOT.exe and SCVIIHOST.exe, very different with the one posted here. Try to mess around with the spelling, just make sure you don’t delete the system file! =3

October 13th, 2008 at 3:01 am

Super Genius

144

Thanks a lot to your Enable-Reg-Task.reg. God Bless you…

November 5th, 2008 at 10:57 pm

Super Genius

145

Idol, san bang site ako pwedeng mag download ng photoelf yung free talaga, maybe crack serial. Thanks a lot. Your the best. Ikaw ang master ng lahat.

November 6th, 2008 at 5:52 pm

Ryman

146

@Super Genius

Try mo sa torrent sites. or search mo sa google yung keyphrase na “photoelf full crack”

November 7th, 2008 at 12:56 am

Super genius

147

Idol, Thanks again, happy birthday. God Bless you always. Take care always.

November 10th, 2008 at 2:19 pm

Zef

148

Any idea how to remove ‘asdsdsd.exe’ ??

Its stuck in my :c/documentsandsettings/user folder

And even 4 mins, my Norton AV says the auto protect blocked a Trojan Horse coming from that - I did the manual delete but it didn’t really work. If you know anything bro, keep me informed

Thanks

January 12th, 2009 at 11:11 pm

Zef

149

Hey Ryman, sorry to keep on pestering you…..

But I’ve got a virus in my laptop again. Something called asdsdsd.exe - If you have any idea on how to remove it or something, do help me out, if not, its cool with me bro Thanks for helping me out before

- Zef

January 13th, 2009 at 7:10 pm

geoffrey

150

kabayan!!!! Thanks for your help.
Done your step by step procedure - the virus is gone… but so is my desktop and my taskbar… please help

January 15th, 2009 at 10:03 pm

Ryman

151

@Super genius

thanks for the greeting.

@Zef

You can do the second and forth step (while in safe mode), but instead of searching for the SSCVIHOST.exe you can search for the virus file asdsdsd.exe

feel free to comment back here again

@geoffrey

from the third step above, you shouldn’t have deleted the explorer.exe from your registry. just do the third step above and add again explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
“Shell” = “Explorer.exe SSCVIHOST.exe”
(edit and remove the word SSCVIHOST.exe leaving only Explorer.exe, if you screw this up windows shell won’t show on your next boot)

to start your taskbar manually, press CTRL+ALT+DEL, then click File, New task run, then type, explorer.exe

January 16th, 2009 at 9:39 am

geoffrey

152

Ryman,

I actually didn’t remove explorer.exe. I just removed SSCVIHOST.exe. anyways, upon checking, the 2nd e from .exe was missing. restarted the pc and it is working properly. thanks again kabayan.

January 16th, 2009 at 9:43 pm

jjmaki

153

since you help last time, can i ask you if you know this virus/spyware, it’s called password.doc.exe

you see my usb got infected again and i thought it was gone already but…. now computer is also infected

March 20th, 2009 at 6:09 pm

Ryman

154

@jjmaki

I can’t find the exact name of the virus you’ve got. But what exactly does the virus do? does it creates many files? is your folder options or task manager still working?

You can actually remove this virus on your computer if you log in to Safe Mode. Then make a thorough search on your computer by searching its filename and deleting it and also searching for the same name on your registry.

Feel free to ask again here, for more support

March 21st, 2009 at 10:59 am

jjmaki

155

thanks but i already removed it (^o^)

March 21st, 2009 at 9:44 pm

patibaito

156

whenever my pc starts, a pop-up always comes out and says that “SCCVIHOST.EXE cannot be found” or something like that. my ctrl-alt-del still works SOMETIMES though. does this still imply that my pc is still infected with this worm?

and what can you say about KASPERSKY 2009? do you think this is better than BITDEFENDER 2009?

July 4th, 2009 at 4:26 pm

3 Trackbacks/Pings

sscvihost.exe virus « defiance is not a sin Sep 18 2008 / 2pm:

[...] HERE and HERE Posted by aby Filed in How-tos Tags: Sohanad, [...]
sscvihost.exe virus « Horizons Meet Oct 20 2008 / 11pm:

[...] click HERE and HERE Posted by aby Filed in How-tos Tags: Virus [...]
CARA MENGHILANGKAN VIRUS SSCVIHOST.EXE TANPA SOFTWARE ANTIVIRUS « Jan 26 2009 / 2am:

[...] 11, 2008 Konteks asli dari artikel ini ada di http://www.eternalmoonlight.net gw dapet waktu gw browsing nyari solusi yang mendera komputer rental. Cuma terjemahan secara kasar [...]

Eternalmoonlight.net

Removing the SSCVIHOST.exe worm virus

Related Posts

156 comments so far

3 Trackbacks/Pings

Leave a reply

Navigation

Recent Posts

Recent Comments

Categories

Archives

Random Quote