How to Get Rid of svchost.exe Virus
Posted by: Dennis Aguilar
Svchost.exe, also known as Generic Host Process for Win32 Services, is a vital part of your system. If you remove svchost.exe, your operating system will not start up at all, because a lot of processes depend on this file. You can see svchost.exe in the list of running processes in the Task Manager when you press CTRL + ALT + Del. The path of this file is usually C:\windows\system32\svchost.exe. Most users wonder what svchost.exe is, because most of the time you will see more than one svchost.exe process in the Task Manager.
I have said that svchost.exe is a vital part of your system and should not be removed, but be reminded that there is also a similarly named file, scvhost.exe, which is not a system file but a worm. Notice that at first glance it can easily be mistaken for a system file rather than a virus. Look (svchost.exe -> scvhost.exe virus). Almost identical, right? This virus is also known as W32/YahLover.Worm.gen and Win32/Autorun.R.worm.
This malware usually spreads through Yahoo Messenger, so accepting an invitation from an unknown friend is one sure way to get infected with the scvhost.exe virus. The virus disables or blocks the Task Manager and the Registry Editor and installs itself in the autorun.inf file. It spreads by copying itself into shared folders and then remotely installing itself in the registry.
How to get rid of the scvhost.exe virus:
1. You need to run your system in Safe Mode: boot your system, press F8 while it is booting, then choose Safe Mode.
2. Once you’re in Safe Mode, open the command prompt by clicking Start -> Run and typing “cmd”.
3. The command prompt opens. Go to C:\Windows\System32 by typing CD C:\Windows\System32 and pressing Enter. Once in the folder, type each of the following and press Enter:
- attrib -h -r -s scvhost.exe
- attrib -h -r -s blastclnnn.exe
- attrib -h -r -s autorun.inf
Note: These commands clear the hidden, system, and read-only attributes that are set on these files, so that we are able to delete them.
4. We can now delete the infected files. Type each of the following in the command prompt and press Enter:
- del scvhost.exe
- del blastclnnn.exe
- del autorun.inf
5. Type CD\ and press Enter, then type each of the following and press Enter:
- attrib -h -r -s autorun.inf
- del autorun.inf
6. Now we have to remove some entries from the registry. Type “regedit” at the command prompt and press Enter.
The Registry Editor opens. Look for this startup key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, then delete the Yahoo! Messenger entry with the value “c:\windows\system32\scvhost.exe”.
7. Find this key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and edit the “shell” entry, changing the value “explorer.exe, scvhost.exe” to “explorer.exe”.
8. Look for this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ and delete the following subkeys:
9. Reboot the PC and you’re done.
Removing this virus manually may be difficult if you are not a technical person. You might want to consider installing a spyware removal application such as NOD32, or any other strong spyware removal application, to get rid of this virus easily.
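To see whether a machine carries the traces named in the steps above, before or after cleanup, the following read-only PowerShell check can be used. It is an added example, not part of the original post; it changes nothing, and treating SysWOW64\svchost.exe as a legitimate path on 64-bit Windows is an assumption that goes beyond what the post states.

```powershell
# Added example: read-only audit of the files, processes and registry values
# named in the removal steps. Run from an elevated prompt to see all process paths.

$sys32 = Join-Path $env:SystemRoot 'System32'

# 1. Files named on this page, in System32 and in the root of the system drive.
#    -Force lets Get-Item see hidden and system files without changing attributes.
$names = 'scvhost.exe', 'blastclnnn.exe', 'autorun.inf'
$dirs  = $sys32, "$env:SystemDrive\"
foreach ($d in $dirs) {
    foreach ($n in $names) {
        $f = Get-Item -LiteralPath (Join-Path $d $n) -Force -ErrorAction SilentlyContinue
        if ($f) { "FILE   $($f.FullName)  attributes=$($f.Attributes)" }
    }
}

# 2. Processes: flag the look-alike name, and any svchost.exe outside the
#    expected folders (SysWOW64 allowance is an assumption of this example).
$allowed = @((Join-Path $sys32 'svchost.exe'),
             (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe'))
Get-CimInstance Win32_Process |
    Where-Object { $_.Name -in 'svchost.exe', 'scvhost.exe' } |
    ForEach-Object {
        # ExecutablePath can be empty when not elevated; only judge known paths.
        $bad = ($_.Name -ne 'svchost.exe') -or
               ($_.ExecutablePath -and $_.ExecutablePath -notin $allowed)
        if ($bad) { "PROC   pid=$($_.ProcessId) $($_.Name) $($_.ExecutablePath)" }
    }

# 3. Per-user Run key: any value whose data points at scvhost.exe (step 6).
$run   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
if ($props) {
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'scvhost\.exe' } |
        ForEach-Object { "RUN    $($_.Name) = $($_.Value)" }
}

# 4. Winlogon Shell: anything other than plain explorer.exe is reported (step 7).
$wl    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $wl -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') { "SHELL  Winlogon Shell = $shell" }
```

No output means none of the checked traces were found; an autorun.inf hit only shows the file exists, so inspect its contents before deleting it.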