TechSpot

RAVMON.EXE,MDM.EXE,SVCHOST.EXE Hidden files options not working (solution)

By elsahib
May 24, 2007
  1. hello guys, i'm new around here, and i've been through a very painful "war" with a virus, and i guess many others are having this same issue right now, so i'm planning on giving those who are still on that fight a solution, find it below:

    Well, let’s start cleaning the virus ;)

    First
    Stopping the virus:

    ________________________________________
    u need to check the task manager to see if there is a (SVCHOST.EXE) running under the current logged in username and try to terminate it

    Note:
    After u terminate the virus try not to double click on any of you computer driver coz this action will start the virus allover again, when u need to access any of ur drivers (Hard Disk Partition), type it’s drive letter in the address bar and it will open without starting the virus process.


    Second
    Fixing the show hidden files and folders:

    ________________________________________
    Then u need to open “Registry Editor” and then go to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
    And delete the Existing “CheckedValue” of the type “String” and create another one of the same name but of the type “DWORD” and set it’s value to “1”
    Then open “My Computer” and go to: Tools> Folder Options> View> and select “Show hidden files and folders” and Uncheck “Hide protected operating system files”

    Third
    Deleting the virus:

    ________________________________________
    The easiest part, all u have to do is to delete the following files from ur computer ( don’t forget how u should open the drivers or u will have to do it from the start )

    1.C:\windwos\SVCHOST.EXE
    2.C:\windwos\SVCHOST.inf or ini (probably they will be together side by side)
    3.C:\RAVMON.EXE
    4.C:\Autorun.inf

    Then check the rest of the hard drivers you have on your computer ( D, E, or whatever) for the files Number (3 and 4)

    Restart your computer and run XoftspySE latest Version (4.31.232) u can download it from the internet.

    i hope i was of a help!
     
  2. watcher

    watcher TS Rookie

    Delete SVCHOST ?????

    Maybe you just misread the file SSCVHOST and SCVHOST into SVCHOST
    SVCHOST is a windows file and not a virus. just observe the "CV" and "VC" spelling, ok.

    your other instructions are ok...but the last one is definitely a big mistake.
    Svchost.exe" (Generic Host Process for Win32 Services) is an integral part of Windows OS.
    It cannot be stopped or restarted manually.

    It manages 32-bit DLLs and other services. For more information regarding SVCHOST feel free to check this "help.lockergnome.com/general/Svchost-exe-ftopict37303.html"

    Goodluck !!!
     
  3. kritius

    kritius TS Guru Posts: 2,084

    Why that one particular program?

    I wouldnt trust any program that had once been on Spyware Warriors rogue program list, even if it was de-listed.

    Use with caution if at all.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...