Scvvhsot + autoit + touched Error

[gp_dhaliwal]

Greetings to Tech community+Forum

Since last 3 days i have been under the threat of the above mentioned Errors on my Toshiba Qosmio. Speed has been drastically dropped down and slowed down the entire processiing of all applications on my system.
That exactly happened from what i understand by mistake and unintentionally a link accidently got clicked in my offline yahoo messenger (as my laptop does have a Touchpad active on it) which even further automatically got fowarded to the entire groups on my yahoo and now resulting in the errors that i am facing since then. Please read the errors as under and try to help me out with formatting my system. Thanks in Advance and i will really appreciate an early suggestion to come out of what am facing rt now. Errors as they appear:-

1. AutoIT Error
Line 0 (File C:\Windows\System32\SCVVHSOT.exe"):
Return Runwait (Execute($SA1030B030B047) & $SA1630C030C023 & $A3030A030A00E,''', Execute($SA5F30D030D00A))
Error: Unable to execute the external program.
Access is denied.

2. TouchED Error
Retrieval of "THotkey" failed
Error Code - 0 x 00031402 0 x 00000002

Looking foward for a solution without formatting. I have a symantec antivirus, but subscription expired in April 2007 for new virus definitions.

 

[kritius]

Looking foward for a solution without formatting. I have a symantec antivirus, but subscription expired in April 2007 for new virus definitions.

Uninstall it then and get a different one, AVG Free or Avast! are both good.

 

[gp_dhaliwal]

Does that mean Installing anti virus will help me get rid of the problems i am facing. Or i have to do something else also, please suggest.

 

[LookinAround]

Unfortunately, the people who create viruses haven’t stopped creating new ones. Since your virus definitions stopped getting updates in April, 2007 your anti-virus product doesn’t know about any viruses discovered since April, 2007 (or new preventive measures it could be taking)

Your first step is installing and running up-to-date virus protection software so your anti-virus is aware of all currently known viruses. Like going to the doctor when you’re sick, no one can tell you for certain all the corrective actions needed to make everything better. You need to start taking the right corrective actions now and then re-assess how healthy the “patient” (your computer) is. I’ll add

• You should probably also be running anti-spyware software as well (AVG anti-spyware is free also)
• You're best to have a firewall installed also
• Understand the free versions don’t provide all the features or preventive measures you can get in the purchased version
• The AutoIt error / filename: scvvhsot.exe is a clear indication of a virus though I’m not certain if it’s a still active virus or if what you’re seeing in the error message are just remnants left behind after Norton stopped it from running ("deactivated it") but couldn’t remove all its pieces.

 

[kritius]

Understand the free versions don’t provide all the features or preventive measures you can get in the purchased version

NOt necessarily true, any free anti virus you get is 10x better then Norton.

Your best bet is to use the Norton Removal Tool and then uninstall it and get AVG Free or Avast antivirus as well as a firewall like Comodo or Zone alarm.

I need you to follow all the steps HERE and then post back with the three requested logs as attachments

• AVG antispyware
• ComboFix
• Hijackthis (step 15)

Dont forget to make sure that AVG is set to quarantine the results, that HJT is the last step and to let us know the results of the antirootkit scan.

 

[LookinAround]

Clarification!

I didn't mean to imply paid Norton was still better then AVG Free.. rather I was trying to suggest gp_dhaliwal consider buying AVG! And when you buy them all from AVG they're integrated and work together.

btw.. for readers who don't know you can get a very good deal on AVG's Internet Suite (which includes anti-virus, anti-spyware, firewall) for one computer for 2 years coverage or getting a package including 3 licensing for 2 years each (nice $$ savings if you have multiple PCs to protect)

 

[kritius]

I just dont like security suites, I prefer to have my antivirus, firewall and antispyware software seperate and all programmed to do the one thing.

 

[LookinAround]

I think you're missing my points.

I wasn't saying any paid product is better then a free one (but in that post, my point wasn't necessarily clear)

But i'm also not saying just because there's a suite, it's better then choosing your own 3 separate personal choice of products. However, I am saying that I find the value of the AVG suite quite good. (Value being defined as how one measures $$ cost against features and performance you get in return).

AVG anti-virus and anti-spyware are both recommended often when you look at recommendations. There are some features and a few things in their firewall i'd prefer they did otherwise but it still does a good job. Each one is programmed to do its own job. But they're also programmed to work together. So, for example, a single control panel interface to access all of them, to update them, etc. is more convenient. I would think even more so for those less computer-savy and who might find it that much more confusing and difficult to do have a different look and feel for the user interface for each product from different companies.

And, personally, i found the price of the suite iery attractive vs. the value of what i was getting in return (which includes a single interface which can integrate the 3 pieces which don't do any less work when sold together vs. separate which is still another way to buy them)

 

[Bobbye]

1. For the TouchED Error:
This is not a Worm. This is not malware. This is not adware. This is not a virus: This is is a Toshiba touchpad utility.

Fix: Navigate to C:\Windows\system32
Right click on Start> Explore> Windows> System 32)

DELETE 000StTHK.exe and 00THotkey.exe.manifest
COPY 00THotkey.exe
Navigate to C:\Documents and Settings\All Users\Start Menu\Programs\Startup

PASTE 00THotkey.exe into the Startup directory.

Creating a shortcut may work just as well,
From Briggs at Castlecops.

2. For scvvhsot.exe: This IS a Worm:
Name: Yahoo Messengger
Filename: SCVVHSOT.exe
Description: Added by the W32/SillyFDC-AE worm.
Description and Removal:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-091012-3047-99&tabid=2

"I have a symantec antivirus, but subscription expired in April 2007 for new virus definitions." You have been a sitting duck for a year!

Take care of these problems. You don't need to reformat.

 

[gp_dhaliwal]

Thanks for all ur support and useful piece of information. I will act as per the instructions and get back as soon as I finish doing it.

 

[Bobbye]

You're welcome. Please post back and let us know your status. And before doing much else, get an updated anti-virus program on the system.

 

[gp_dhaliwal]

Unable to Run "regedit" even after going through the following instructions -

Click Start > Run.
Type regedit
Click OK.

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

Was still unable to open after doing the above.
Thanks in advance for your valuable support.

 

[LookinAround]

First, see if you can install and run the free anti-virus/anti-spyware products mentioned. If you're lucky, they might be able to resolve the issue for you even at this point. (Or possibly at least deactivate the infection. Can make manual cleanup alot easier). There are some free online virus scans out there as well.

 

[gp_dhaliwal]

Ok Thats fine i'll try free anti virus rt now. thankz

 

[Bobbye]

Online virus scan:

Trend Micro Housecall:
http://housecall.trendmicro.com/

 

[DelJo63]

Online virus scan:

Trend Micro Housecall:
http://housecall.trendmicro.com/

Good start but be aware there are know FALSE POSITIVES in housecall.

You can usually see them easily by the messages that report

you have XXXX in module YYY​

and YYY is an old friend (ie well known to you; you installed it)

if YYY is meaningless eg abu13457.dll, then it is NOT a false positive

 

[gusss]

1. For the TouchED Error:
This is not a Worm. This is not malware. This is not adware. This is not a virus: This is is a Toshiba touchpad utility.

Fix: Navigate to C:\Windows\system32
Right click on Start> Explore> Windows> System 32)

DELETE 000StTHK.exe and 00THotkey.exe.manifest
COPY 00THotkey.exe
Navigate to C:\Documents and Settings\All Users\Start Menu\Programs\Startup

PASTE 00THotkey.exe into the Startup directory.

Creating a shortcut may work just as well,
From Briggs at Castlecops.

.

Hi there
I have followed the above advice i.e. deleted files and then copied file to startup.
I still get the very same message when I boot the computer i.e. Retrieval of "THotkey" failed

If anyone has any ideas I would like to hear them

Regards
Gusss

 

[DelJo63]

Bobby was right, it's a Toshiba specific utility. You can download it
from the site.

 

[Bobbye]

1. Go to Toshiba download page, Download Toshiba Common Modules, a Toshiba component. For WinXP, on A10 Toshiba series = A10TCMXP.exe.
There are lots of files to choose from, but the above one sorted it all out.

2. Go to Add or Remove Programs via Control Panel, and removed Toshiba Hotkey utility for Display devices and Toshiba Utilities.

3. Unzip that single file download and run setup, reboot.

From a user on PC World who got the help from a Toshiba tech in NZ!

Let us know ow it works for you.

 

[Rizz86]

I tried the (manual) fix that Bobbye suggested and i still get the same error, only sometimes it doesn't come up! When does windows start the processes in the all users\startup? I think maybe its trying to load the 00THotkey.exe from somewhere else first? I was thinking maybe i could use msconfig to mess around with the startup settings but i'm not exactly a guru with it, I'v only used it to stop processes loading that slow down my poor little laptop.

Oh and i couldn't find that A10TCMXP.exe file anywhere on any Toshiba website and the Australia/NZ site says: "The website is unavailable for 10-15 minutes due to an outage. Sorry for any inconvenience caused." ...I have been trying for days but it is obviously down.

So could any of u guru's help?
Thanks!
Rizz

 

[Bobbye]

Rizz, you are trying to follow a direction given specifically to another user, for a specific error message. I'm going to give you a reference site that IS up and working, but without more specific information, I cannot guarantee it is right for you:

This is the Toshiba Europe download site for the driver. Save it to your desktop and install from there if it is appropriate: http://tinyurl.com/55ay2p

 

[DelJo63]

Hum; 00THotkey.exe I don't see, but THotkey.exe runs from the Login User ID