Trying to repair WksPatch(1).exe and SVCHOST.EXE in vault AVG Software

Discussion in 'Computer Support' started by Bun Mui, Apr 30, 2004.

  1. Bun Mui

    Bun Mui Guest

    I have Windows Xp Home Edition.

    When I checked with AVG software. It says I had Nachi type virus.

    2 files were affect and put in vault.

    But when I tried to repair them. It said I was not able to.


    WksPatch(1).exe

    was in

    C:\Windows\system32\config\systemprofile\localsetting\temporary Internet Files

    SVCHOST.EXE

    was in

    C:\Windows\system32\drivers\svhost.exe



    AVG Software showed my system was Windows Professional 2000 even though my
    computer is Windows XP Home Edition.


    What should I do?

    Thanks.


    Bun Mui
     
    Bun Mui, Apr 30, 2004
    #1
    1. Advertisements

  2. Bun Mui

    Unk Guest

    Turn off System Restore:
    To disable System Restore, Click Start, Programs, Accessories, System Tools,
    System Restore, System Restore Settings, "System Restore" tab, and check the
    box. "Turn Off System Restore on all drives", click "Apply" and "OK".

    To delete previous restores Click Start, Accessories, System tools, Disk
    Cleanup, "More Options" tab, "System Restore" section, "Clean up" button,
    click Yes

    http://www.securemost.com/articles/trou_5_welchia.b.htm
    http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.d.worm.html

    W32.Blaster.Worm Removal Tool
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

    This is a link to a small FREE program by McAfee Anti-virus named Stinger.
    It will scan your system for 36 known viruses and trojans (including the new
    W32/MyDoom worm) and repair them. You don't need McAfee anti-virus installed
    on your computer... this is a stand alone program.
    http://vil.nai.com/vil/stinger/
     
    Unk, Apr 30, 2004
    #2
    1. Advertisements

  3. Bun Mui

    °Mike° Guest

  4. Bun Mui

    Duane Arnold Guest

    (Bun Mui) wrote in
    You should be looking very hard as to what is happening/running on that
    machine.

    I'll tell you off the top of the bat, the svchost.exe should be running
    out of the Winnt/system32 for Win NT 4.0 and Win 2k and it should be
    running out of Windows/system32 for Win XP and Win 2K3. No subdirectories
    off of *syste32* or any other directories as they be *TROJANS*. That also
    includes dllhost.exe.

    You can use Active Ports (free) to look at connections in real time. You
    may want to put a short-cut for Active Ports in the Start-up folder to
    view what connections are being made at boot when the machine is at its
    most vulnerable time period.

    You may also want to use Process Explore (free) to look inside a running
    process if you see a process is making connections to unknown remoter IP
    (s) to see what processes/programs it is running.

    You should try to better secure the XP O/S from attack.

    http://www.uksecurityonline.com/index5.php

    You can consider using the Host as a prevention measure after you clean
    things up.

    http://www.mvps.org/winhelp2002/hosts.htm
    http://www.snapfiles.com/get/hoststoggle.html

    Duane :)
     
    Duane Arnold, Apr 30, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.