This are the following tips on how to remove the SCVHOST.EXE virus/worm. Firstly we must know what is SCVHOST.EXE is.
In some antivirus they are detected as W32/YahLover.Worm.gen from McAfee Antivirus and Win32/Autorun.R.worm from NOD32.
This virus will installs itself into your PC by using its INF file autorun.inf. The Autorun.inf file has an scripts that will trigger to execute the SCVHOST.EXE. Mostly in a removable disk is this occurred as you noticed that there is an Autoplay instead of Open. Once you double click the drive or removable disk, the autorun.inf run its scripts that this will trigger to execute the SCVHOST.EXE and spreading itself unto your system. It also copies itself through all your shared folders directories and on your computers throughout the network and run itself in the registry entries remotely using a GUEST account (through System:Remote).
- When pressing Ctrl+Alt+Del it blocks to launch the Task Manager
- It blocks the Registry Editor.
- When you try to go to the command prompt CMD, it will restarts the computer.
- The shared folders will duplicates itself to different locations of. The duplicated virus uses a FOLDER icon with an .exe file extension. The configuration of your Yahoo Messenger has been changed.
How to Remove It
OK here we go, you must follow this step on how to remove this virus in manually method:
- Restart your PC and press F8 and select the option Safe Mode Command Prompt Only
- And after you log-in the command prompt you must log-in as Administrator.
- Type cd C:\windows\system32
- Type dir /ah, to display all hidden files on this directory folder. You will see the following files which is used by the virus to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE
- Type ATTRIB -H -R -S SCVHOST.EXE
- Type ATTRIB -H -R -S BLASTCLNNN.EXE
- Type ATTRIB -H -R -S AUTORUN.INI
- Type DEL SCVHOST.EXE
- Type DEL BLASTCLNNNN.EXE
- Type DEL AUTORUN.INI
- Type CD\
- Type ATTRIB -H -R -S AUTORUN.INF
- Type DEL AUTORUN.INF
You are almost done, reboot your PC you may seat back and relax.. :) while loading...
Go Start Menu and click the Run and type the REGEDIT command. Take note guys before make any changes into your Registry Editor you must make a full back-up to your registry to avoid system errors. :)
Look the location entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, if you see an entry Yahoo! Messengger (it’s spelled like this) with a value c:\windows\system32\scvhost.exe, Delete this entry.
Look the location entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, in the entry named: SHELL, a value = Explorer.exe,SCVHOST.EXE. Edit this value, delete the SCVHOST.EXE only and the value must be Explorer.exe. Once you delete all this value, your computer will not login anymore.
OK we are now done.. Please Restart your PC now and Enjoy!!! Thank you and hope this tips will help for everyone..Just post your comments about this problem.