TechSpot

another program is using this file

By Max_Power
Sep 8, 2006
  1. hi. this is my first thread. I dont really know that much about these things. My control panel programs are are in use and as with weekend warrior my cpu sounds pretty busy. I ran hjt. Heres the log Logfile of HijackThis v1.99.1
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post your HJT log as an attachment. See HERE for instructions.

    Regards Howard :)

    This thread is for the use of Max_Power only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Max_Power

    Max_Power TS Rookie Topic Starter

    I used kaspersky, and ewido, and found a trojan.small.js but i still cant access my control panel programs. I tried to load the suggested OL scanners but had some problems running them. please advise. heres my hjt
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    svshost.exe<Not to be confused with svchost.exe which is legit.

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [svshost.exe] C:\WINDOWS\system32\svshost.exe

    O4 - HKCU\..\Run: [svshost.exe] C:\WINDOWS\system32\svshost.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\system32\svshost.exe

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Rename the HijackThis.exe file to HijackThis1991.exe and post a fresh HJT log.


    Regards Howard :)

    This thread is for the use of Max_Power only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Max_Power

    Max_Power TS Rookie Topic Starter

    well, i still couldnt access my system file to turn off system restore. so I decided to jump ahead and end svshost if i found it. as soon as i clicked on it ewido found a trojan.small.js in my rundll.exe. After quarintining it i was able to access everything normally. I followed the steps given, and now everything is tip top. I havent removed the quarentine file yet, but do I need a rundll.exe, i looked for it on my parent s computer (whom also run XP) but was unable to find one on theres. Is it just the virus camoflauge or a real app/file? Anyways other then that my problem is solved.... for now. My many thanks, for all your help, and heres my HJT
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    The rundll32.exe file is part of Windows and shouldn`t be deleted. The legit file should be in C:\windows\system32\rundll32.exe folder.

    Rundll.exe in the Ewido quarantine should be deleted.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Max_Power only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Max_Power

    Max_Power TS Rookie Topic Starter

    Alright, will do. and thanks again to you and this site.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...