Trying to repair WksPatch(1).exe and SVCHOST.EXE in vault AVG Software


Bun Mui

I have Windows XP Home Edition.

When I checked with AVG software, it said I had a Nachi-type virus.

2 files were affected and put in the vault.

But when I tried to repair them, it said I was not able to.


WksPatch(1).exe

was in

C:\Windows\system32\config\systemprofile\localsetting\temporary Internet Files

SVCHOST.EXE

was in

C:\Windows\system32\drivers\svhost.exe



AVG Software showed my system was Windows Professional 2000 even though my
computer is Windows XP Home Edition.


What should I do?

Thanks.


Bun Mui
 

Duane Arnold

(e-mail address removed) (Bun Mui) wrote in
I have Windows XP Home Edition.

When I checked with AVG software, it said I had a Nachi-type virus.

2 files were affected and put in the vault.

But when I tried to repair them, it said I was not able to.


WksPatch(1).exe

was in

C:\Windows\system32\config\systemprofile\localsetting\temporary Internet Files

SVCHOST.EXE

was in

C:\Windows\system32\drivers\svhost.exe



AVG Software showed my system was Windows Professional 2000 even
though my computer is Windows XP Home Edition.


What should I do?

You should be looking very hard as to what is happening/running on that
machine.

I'll tell you off the top of the bat, the svchost.exe should be running
out of the Winnt/system32 for Win NT 4.0 and Win 2k and it should be
running out of Windows/system32 for Win XP and Win 2K3. No subdirectories
off of *system32* or any other directories, as they are *TROJANS*. That also
includes dllhost.exe.

You can use Active Ports (free) to look at connections in real time. You
may want to put a short-cut for Active Ports in the Start-up folder to
view what connections are being made at boot when the machine is at its
most vulnerable time period.

You may also want to use Process Explorer (free) to look inside a running
process if you see a process is making connections to unknown remote IP(s)
to see what processes/programs it is running.

You should try to better secure the XP O/S from attack.

http://www.uksecurityonline.com/index5.php

You can consider using the Host as a prevention measure after you clean
things up.

http://www.mvps.org/winhelp2002/hosts.htm
http://www.snapfiles.com/get/hoststoggle.html

Duane :)
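
The location rule from the reply above, written as a check over a list of process image paths. This is an added example, not part of the original thread: every sample path is constructed except the one quoted from the question, and the near-miss name check goes beyond the rule in the reply and is an assumption about what is worth flagging.

```python
import ntpath

# Rule from the reply: these binaries run only from <root>\system32, where
# <root> is Winnt (NT 4.0, 2K) or Windows (XP, 2K3). No subdirectories.
EXPECTED_DIR = {"svchost.exe": "system32", "dllhost.exe": "system32"}
WINDOWS_ROOTS = {"windows", "winnt"}

def one_edit_apart(a, b):
    """True if a and b differ by exactly one insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def classify(image_path):
    """Return 'ok', 'wrong-location', 'lookalike-name' or 'not-checked'."""
    path = ntpath.normpath(image_path).lower()
    _drive, rest = ntpath.splitdrive(path)
    parts = [p for p in rest.split("\\") if p]
    name = parts[-1] if parts else ""
    if name in EXPECTED_DIR:
        in_place = (len(parts) == 3 and parts[0] in WINDOWS_ROOTS
                    and parts[1] == EXPECTED_DIR[name])
        return "ok" if in_place else "wrong-location"
    # Added check (assumption): a name one character off a protected name.
    if any(one_edit_apart(name, known) for known in EXPECTED_DIR):
        return "lookalike-name"
    return "not-checked"

def audit(paths):
    """Return (path, verdict) for every path that needs a closer look."""
    results = ((p, classify(p)) for p in paths)
    return [(p, v) for p, v in results if v in ("wrong-location", "lookalike-name")]

# Process image paths; only the second one comes from the question.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Windows\system32\drivers\svhost.exe",
    r"C:\WINDOWS\system32\drivers\svchost.exe",
    r"C:\WINNT\system32\dllhost.exe",
    r"C:\Program Files\Example\app.exe",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE):
        print(f"{verdict:15} {path}")
```
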
 
