svchosts.exe - Dangerous
svchosts.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect or fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Creates the following hidden files:
* %Program Files%\WinRAR\_RarExt.exe
* %System%\_textpad.exe
* %System%\svchosts.exe
* %System%\kernell32.dll
* %System%\avmtapi.tsp
* %System%\system.dll
Adds "®Windows Update" = "svchosts.exe" to the Windows startup registry keys.
Modifies the value:
"(Default)" = "%System%\_textpad.exe %1"
in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open
so that the Trojan is executed every time a .txt file is opened.
Modifies the value:
"(Default)" = "
in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AcroExch.Document\shell\open
so that the Trojan is executed every time a .pdf file is opened.
Adds the following values:
"ProviderID5" = "0x00000006"
"ProviderFileName5" = "avmtapi.tsp"
"AllProviders" = "true"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers
to register a CAPI driver.
Terminates antivirus programs.
Attempts to use the CAPI driver to manipulate ISDN connections.
Attempts to send stolen information to the remote attacker.
Kill it using RegRun Startup Optimizer.
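The registry changes listed above can be checked offline against the text of a `reg export` dump. The following is an added example, not part of the original write-up or of RegRun. It assumes the "startup registry keys" are the `CurrentVersion\Run*` keys, matches on value data rather than value names, and does not check the AcroExch.Document value because its data is truncated on this page; the sample export is constructed.

```python
import re

# Indicators from the write-up: (key-path fragment, value name or None for any, data fragment).
INDICATORS = [
    # Assumption: the "startup registry keys" are the ...\CurrentVersion\Run* keys.
    ("\\currentversion\\run", None, "svchosts.exe"),
    ("\\classes\\txtfile\\shell\\open", "", "_textpad.exe"),
    ("\\telephony\\providers", None, "avmtapi.tsp"),
]
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Yield (key, name, data) from .reg export text; name "" is the default value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            # Drop the quotes around the name; "@"[1:-1] == "" marks the default value.
            name, data = m.group(1)[1:-1], m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escaping
            yield key, name, data

def find_indicators(text):
    """Return the (key, name, data) entries matching an indicator, case-insensitively."""
    return [(key, name, data)
            for key, name, data in parse_reg(text)
            for frag, want, data_frag in INDICATORS
            if frag in key.lower() and want in (None, name)
            and data_frag in data.lower()]

# Constructed sample export: one benign Run entry plus the changes described above.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"®Windows Update"="svchosts.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open]
@="C:\\WINDOWS\\system32\\_textpad.exe %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers]
"ProviderID5"=dword:00000006
"ProviderFileName5"="avmtapi.tsp"
'''
if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

A real `reg export` file is normally UTF-16 encoded, so open it with `encoding="utf-16"` before passing its text to `find_indicators`.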