infected file c:\windows\system32\svc.exe


georgiapeach729

Noted file is infected with backdoor.madfind virus.
Norton programs will not repair, quarantine or delete.
Can I delete this file manually? What does svc.exe do?

Can it be reloaded if necessary?
 
Dealing with Hijackware
http://mvps.org/winhelp2002/unwanted.htm
http://www.mvps.org/inetexplorer/Darnit.htm#tshoot
http://aumha.org/a/parasite.htm

You *must* seek updates for Ad-Aware, Spybot, etc., before each and every
use, even "right out of the box". But even then, they can't catch
everything. HijackThis (http://www.merijn.org/files/hijackthis.zip; [new
URL] ) is the preferred tool to use these days. It will help to both
identify and remove any hijackware/spyware. **Post your files to
http://forums.spywareinfo.com/, not here.**

Also update your virus definitions and then run a full system scan. From
now on, do both daily.
--
HTH...Please post back to this thread

~Robear Dyer (aka PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

 
Go to Start > Run > then type 'regedit' > navigate your way
to local machine>software>microsoft>windows>current
version>run and look in there for any registry keys that
don't belong.
This folder contains some of the keys that start programs
when your computer starts. If you find a suspicious program,
delete the registry keys. Nothing in this folder will
affect your system drastically, but I still suggest you
back up your registry before doing any deleting.
Also try looking in local
user>software>microsoft>windows>current version>run.
This is another folder that holds regkeys, but these
programs only start up when the current user is logged on.

Also try Run > msconfig and check in the Startup tab.

--

After you have stopped your virus from starting up with your
computer, just restart and you shouldn't have any
problems. The file will still be on your computer, but
basically harmless.

-rlx
 
Hi,

Go to Start/Run/Regedit and remove these two entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "svc" =
C:\WINNT\System32\svc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager

Then go to: WINDOWS SYSTEM32 directory and delete SVC.EXE (7.168 bytes).

This trojan attempts to download a file named BrowserHelper.DLL from the
domain madfinder.com.



Registry Edits, Tips and Tricks for XP
http://www.kellys-korner-xp.com/xp_tweaks.htm
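
The checks described in the replies above (the two Run keys, the DownloadManager key and the svc.exe file), collected into one read-only audit. This is an added example, not code from any poster in the thread; it assumes a system with PowerShell 4 or later (for Get-FileHash), and the function name Get-RunEntry is made up for this example.

```powershell
# Added example: read-only audit of the startup locations named in this thread.
# It changes nothing; it only reports what it finds.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# File name from the thread; SystemRoot covers both C:\WINDOWS and C:\WINNT installs.
$suspectFile = Join-Path $env:SystemRoot 'System32\svc.exe'

function Get-RunEntry {   # hypothetical helper name
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            # Do not expand %VARS% so the command is shown exactly as stored.
            $command = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{
                Key     = $p
                Name    = $name
                Command = $command
                # Flag autostart commands that launch a file called svc.exe
                # (does not match svchost.exe or names merely ending in svc.exe).
                Suspect = $command -match '(^|[\\"\s])svc\.exe\b'
            }
        }
    }
}

$entries = @(Get-RunEntry -Path $runKeys)
$entries | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap

# Second registry key mentioned in the thread.
$dmKey = 'HKLM:\SOFTWARE\Microsoft\DownloadManager'
"DownloadManager key present: $(Test-Path -LiteralPath $dmKey)"

# Report the file itself: size and hash are useful for an AV vendor lookup.
if (Test-Path -LiteralPath $suspectFile) {
    $f = Get-Item -LiteralPath $suspectFile -Force
    "{0} exists, {1} bytes, modified {2}" -f $f.FullName, $f.Length, $f.LastWriteTime
    (Get-FileHash -LiteralPath $suspectFile -Algorithm SHA256).Hash
} else {
    "$suspectFile not found"
}
```

Running it from an elevated prompt avoids access errors on the HKLM key; the HKCU results apply only to the account that runs the script.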
 