quote:
Originally posted by TheGuruSupremacy
No, it's the same virus... Only the process is called svchost and not svshost...
However, I have downloaded and tested the virus... If you follow my instructions you will be able to clean it:
First open Task Manager (CTRL+ALT+DEL)
Search for the process called svchost, but pay attention: its UserName must be the same as your user (not SYSTEM; see the image to understand)
http://img83.imageshack.us/my.php?image=myscreenshot10fj0.jpg
Then:
1) Go to the Plus! menu on top of the contact list
2) Open Preferences
3) Go to General > Scripts
4) Create New Script
and paste this code
code:
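// Run-key values the virus uses to start itself at logon
var HKCUpath = "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost";
var HKLMpath = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost";
var viruspath;

// Messenger Plus! calls this when the script is started
function OnEvent_Initialize(MessengerStart) {
    try {
        var oShell = new ActiveXObject("WScript.Shell");
        var fso = new ActiveXObject("Scripting.FileSystemObject");
        // The Run value holds the path of the fake svchost.exe
        viruspath = oShell.RegRead(HKCUpath);
        Debug.Trace("Virus found at " + viruspath);
        var file = fso.GetFile(viruspath);
        // 32 = Archive only: clears the read-only/hidden/system flags so the file can be deleted
        file.Attributes = 32;
        Debug.Trace("Trying to delete a file....");
        file.Delete();
        Debug.Trace("File has been removed");
        oShell.RegDelete(HKCUpath);
        oShell.RegDelete(HKLMpath);
        Debug.Trace("Registry Keys has been removed");
    } catch (exception) {
        // Include the reason (missing value, file in use, access denied)
        Debug.Trace("An error occurred: " + exception.message);
    }
}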
Start the script....It will delete the virus
If everything is OK, the debug log could be:
Funzione chiamata: OnEvent_Uninitialize
Script in caricamento(Script is loading)
Lo script è ora caricato e pronto.(Script is loaded and ready)
Funzione chiamata: OnEvent_Initialize
Virus found at C:\Windows\system32\yshmbgq\svchost.exe ----->the path could be Different
Trying to delete a file....
File has been removed
Registry Keys has been removed
Hope to have been useful
Thanks, I think this has worked for me
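The two checks described in the quoted post (the svchost process in Task Manager and the `svchost` Run values), as a read-only PowerShell triage. This is an added example, not part of either post; it deletes nothing and assumes English built-in account names.

```powershell
# Added example: read-only check for a fake svchost.exe and its Run-key autostart.
# The real svchost.exe runs only from System32 (or SysWOW64 on 64-bit Windows).
$legitPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)
# Assumption: English account names; localized Windows may name these differently.
$serviceAccounts = 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'

$procHits = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $owner   = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
    $reasons = @()
    # ExecutablePath is empty for protected processes when not elevated; skip those.
    if ($_.ExecutablePath -and $legitPaths -notcontains $_.ExecutablePath) {
        $reasons += 'image is outside System32'
    }
    # Newer Windows versions run some per-user services in svchost under the
    # logged-on account, so a user owner is a hint; the path is the stronger signal.
    if ($owner.User -and $serviceAccounts -notcontains $owner.User) {
        $reasons += "owned by user '$($owner.User)'"
    }
    if ($reasons) {
        [pscustomobject]@{
            PID   = $_.ProcessId
            Owner = $owner.User
            Path  = $_.ExecutablePath
            Why   = $reasons -join '; '
        }
    }
}

# Windows starts svchost.exe through the service manager, never from a Run key,
# so any Run value named svchost or pointing at a svchost.exe deserves review.
$runKeys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runHits = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -match '^svchost' -or $data -match '\\svchost\.exe') {
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data }
        }
    }
}

$procHits | Format-Table -AutoSize -Wrap
$runHits  | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the paths and owners of all svchost processes are readable; an empty result means neither check matched.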