Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91680 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hjt Question


  • Please log in to reply
5 replies to this topic

#1 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,948 posts

Posted 19 March 2004 - 05:55 PM

Does anyone know what this? Good? or Bad? I couldn't find any info on it. It's from a XP system and only appears here. Thanks O4 - HKLM\..\Run: [System Restores] C:\WINDOWS\svahost.exe

    Advertisements

Register to Remove


#2 Guest_Newkid_*

Guest_Newkid_*
  • Guests

Posted 19 March 2004 - 08:05 PM

Seems baddie at first look....You need to post the complete HJT Log in order to get correct assistance on it.

#3 Budfred

Budfred

    Malware hound

  • Visiting Fellow
  • PipPipPipPip
  • 791 posts
  • Interests:++

Posted 20 March 2004 - 01:55 AM

It certainly looks like it is trying to look like a couple of legit files and that usually suggests bad.... You can check in Properties for the file. If it is clearly garbage, remove it. If it looks like it could be legit, post the info you find so we can see how it holds up. You can also rename the file with BAK extension and see if it makes any difference since it won't execute with that extension. You have to reboot to check it out...

#4 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,948 posts

Posted 22 March 2004 - 05:57 PM

I was helping someone else out, but they never got back to me so I don't have any info on that file but it certainly looks bad. The original problem was a dialer , www.seksdialer.com , and a shortcut called Teen Seks movie on the desktop. Here's what I found and had him fix: R3 - Default URLSearchHook is missing O4 - Startup: startit.exe O4 - HKLM\..\Run: [System Restores] C:\WINDOWS\svahost.exe C:\WINDOWS\System32\dlloc.exe

#5 Budfred

Budfred

    Malware hound

  • Visiting Fellow
  • PipPipPipPip
  • 791 posts
  • Interests:++

Posted 22 March 2004 - 06:33 PM

If you are planning to do a lot of helping out with logs, you might want to apply to be admitted to the Classroom.... Check here for details:

http://forums.tomcoy...?showtopic=1421

#6 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,948 posts

Posted 24 March 2004 - 07:29 PM

OK, I'll look into it. I've been posting on www.annoyances.org for the last 2 years or so, mostly in the 98 and ME forums, also just started helping in the Spyware/Security forum at www.computing.net. With all the spy/adware problems and hijackers I should expand my knowledge, I do find it very interesting and challenging. I try to read all the post here and learn from them. Thanks alot - MrC

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users