msvchost.exe infected with trojan.natspammer


Markus

Working on an e-machine with Windows XP Home Edition (SP1) and
(supposedly) protected with Norton 2003. Norton gives a warning of the
natspammer trojan along with some virus (trojan?) named backdoor dot
something or other (forget the exact name). The backdoor.something is
infecting the svchost.exe file supposedly. Norton cannot delete or do
anything else with this. I would like to delete the files altogether
but XP won't let me. I've tried del and erase in cmd mode with the -f
flag to no avail. I assume they are a running process, but there again
Ctrl-Alt-Del only gives me a Task Manager with no process display.

Any help would be appreciated.

TIA,
Markus
 
Try searching for <virusname> on the Symantec website - Norton often give
very good removal instructions.

Options for deleting a file which has open handles:
* Safe Mode (Tap F8 every second or so from the time boot starts until
you see a menu)
* System File Checker (sfc.exe) or single-file Extraction from the
installation disk
* The InUse.exe utility available from Microsoft website.

You may also like to have a look at this article:
http://ask-leo.com/archives/000030.html

... and play about with "Process Explorer" from www.sysinternals.com if you
really want to understand how these things work. I found I could examine
the properties of a svchost instance with Process Explorer (Task Manager on
steroids), and (by viewing Threads) see which dll was causing a heavy CPU
load.