I delete them, but they keep on coming back!
My svchost.exe eats up 100% of my CPU usage, and I do not know what to do! Please help me! I don't know anything about malware busting, and I really really need professional help!
PS. I used the GetSusp thingy that I came across in this community, and below is the .zip file of my recent scan.
Thanks for submitting the GetSusp logs. The culprit is:
You could follow these instructions to submit this sample to McAfee Labs: http://vil.nai.com/vil/submit-sample.aspx
PS: I’ve whitelisted most of your files – a rerun of GetSusp will bring up fewer unknown files.
on 12/9/10 8:20:50 PM IST
First of all I would like to thank Ex_Brit for leading my post onto a community where it could be solved! Much appreciated!
And to Mr. Vinoo Thomas, thank you for identifying the culprit! Any luck on how to delete it? I ran another GetSusp scan, and successfully sent the file to you guys.
Question: Now the filepath says C:/Users/Owner/tomov.exe, but I cannot find it anywhere (I activated the "View Hidden Files" btw). Is this an insanely hidden file which cannot be seen unless provoked by an apt program?
I am asking this because I was wondering if I could delete it manually. Much thanks if you could tell me how to permanently delete this bugger!
PS: I am really sorry because I haven't got the faintest idea on what "md5: c26e0c99a16397ac5252a8d23b9f398a" and "Attributes: HRS" mean. Please help me out here!
Again, much thanks to you and to McAfee experts for helping this ignoramus out!
In Windows Explorer, go to Tools --> Folder Options --> View and uncheck "Hide protected operating system files".
The file tomov.exe uses the attributes HRS (Hidden, Read-Only, System), making it hidden even if the show hidden files option was checked in Explorer.
Once you can view the file, you could try to delete it manually in safe mode. Although I would recommend that you wait for detection to be added in the McAfee VirusScan DAT files for better system cleaning.
Happy to help!
PS: md5 is a unique hash that is associated with a file.
on 13/9/10 11:41:03 AM IST
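The check described in the last reply can also be done from a PowerShell prompt. This is an added example, not part of the original thread: it lists executables in the reported folder that carry both the Hidden and System attributes and compares each file's MD5 with the value quoted from the GetSusp log. It assumes PowerShell 4.0 or later (for `Get-FileHash`); the function name `Get-AttributeLetters` is made up for this illustration.

```powershell
# Added example. Folder and MD5 are the values quoted in the thread;
# everything else (variable and function names) is illustrative.
$SearchRoot  = 'C:\Users\Owner'
$ReportedMd5 = 'c26e0c99a16397ac5252a8d23b9f398a'

# Render attributes the way the GetSusp log does (H, R, S).
function Get-AttributeLetters {
    param([System.IO.FileAttributes]$Attributes)
    $letters = ''
    if ($Attributes.HasFlag([System.IO.FileAttributes]::Hidden))   { $letters += 'H' }
    if ($Attributes.HasFlag([System.IO.FileAttributes]::ReadOnly)) { $letters += 'R' }
    if ($Attributes.HasFlag([System.IO.FileAttributes]::System))   { $letters += 'S' }
    return $letters
}

# Hidden + System is the combination Explorer keeps hiding until
# "Hide protected operating system files" is unchecked.
$wanted = [System.IO.FileAttributes]'Hidden, System'

# -Force makes Get-ChildItem return Hidden and System items as well.
Get-ChildItem -LiteralPath $SearchRoot -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes.HasFlag($wanted) } |
    ForEach-Object {
        $md5 = $null
        try {
            $md5 = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction Stop).Hash.ToLower()
        } catch {
            # A file locked by a running process cannot be hashed; MD5 stays empty.
        }
        [pscustomobject]@{
            Path          = $_.FullName
            Attributes    = Get-AttributeLetters $_.Attributes
            MD5           = $md5
            MatchesReport = ($md5 -eq $ReportedMd5)
        }
    } |
    Format-Table -AutoSize
```

The script only reads attributes and hashes; it does not modify or delete anything.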