Hello Vishal,
This particular Worm can allow an attacker to create accounts on your
system, so you should consider backing up your data and rebuilding to
confirm nothing else has been put on your system such as a Trojan backdoor
virus.
In order to protect yourself and then remove this you need to do the
following if your AV software will not remove it -
1. Enable your the Internet Connection Firewall on your LAN Connection or
Dialup Connection.
2. Apply the most recent security patches to your system by going to
http://windowsupdate.microsoft.com.
3. Follow the instructions below to edit the registry -
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"Config Loader"="scvhost.exe"
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionRunServices
In the right pane, delete the value:
"Config Loader"="scvhost.exe"
Exit the Registry Editor.
4. Reboot the system.
5. Now look for scvhost.exe and delete it from anywhere on your system.
Make sure you look for scvhost.exe and not svchost.exe. Svchost.exe is a
required process for Windows XP.
Best regards,
--
Shain Wray
Microsoft PSS Security Team
This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!
