
svchost.exe:KERNEL32.LoadLibraryA -virus alerts on my machine

Hi,

I am using VirusScan Enterprise 8.7.0i

DAT version:5850

I am facing a problem with the svchost.exe:KERNEL32.LoadLibraryA virus; it continuously pops up. Please help me.

-Thanks

3 Replies
Mal09
Level 12
Message 2 of 4

Re: svchost.exe:KERNEL32.LoadLibraryA -virus alerts on my machine

You primarily need to use Windows Update and install all security patches relevant to your version of Windows.

See also - http://community.mcafee.com/message/102797

Grif
Level 10
Message 3 of 4

Re: svchost.exe:KERNEL32.LoadLibraryA -virus alerts on my machine

There is also a possibility that you have one of the Fake Antispyware infections which affect "svchost.exe". So, please try the steps below:

Download ALL of the tools below on a separate, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
_____________________

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transferred to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Programs Files\Malwarebytes Antimalware folder.
_____________________

Hope this helps.

Grif

Re: svchost.exe:KERNEL32.LoadLibraryA -virus alerts on my machine

Hi,


1) You have to install all the Windows security patches to date

2) Install the latest VSE patch and engine

3) Run the normal full scan in Safe Mode

If the infection is still there, then run the scan in Safe Mode with Command Prompt

Here are the instructions for running a complete command line scan.

Please note that this process can be done quicker if all temp folders have been emptied, the temporary internet files, history, and cookies have been deleted.

1. Create a folder on the root of the System Drive (typically C:\) and name it "scan" (without the quotes)

a) Double-click on 'My Computer'

b) Double-click on the System Drive (typically C:\)

c) Click FILE

d) Highlight NEW

e) Click FOLDER

f) Type: scan

g) Press [ENTER]

2. Set the "scan" folder to Read-Only

a) Right-click on the scan folder & select Properties

b) Place a checkmark in the Read-only box

c) Click APPLY

d) Click OK

3. Download the latest SuperDAT file from:

http://www.networkassociates.com/us/downloads/updates/

4. Make sure to save the sdatxxxx.exe (where xxxx is the current version number) to the "scan" folder.

5. Restart the computer and go into 'Safe Mode with Command Prompt'

a) Reboot the system

b) Press [F8] when prompted

c) Select 'Safe Mode with Command Prompt'

d) Press [ENTER]

NOTE: This is necessary due to the possibility of a file infecting virus, Trojan, or worm still running in memory. Rebooting the computer will remove the virus, Trojan, or worm from memory. Logging into 'Safe Mode with Command Prompt' will prevent 99% of all viruses, Trojans, or worms from loading into memory.

6. Type "cd\" (without the quotes) and hit [ENTER]

7. Type "cd scan" (without the quotes) and hit [ENTER]

8. Type "sdatxxxx.exe /e" (without the quotes and where xxxx is the version of the current SuperDAT file) and hit [ENTER]

9. After approx. 45 seconds, the extraction will be complete and you will then need to copy the Extra.dat to this directory.

10. Type "scan.exe /clean /all /adl /winmem /unzip /secure /report report.txt"

NOTE: YOU CAN CHANGE THE /CLEAN TO /DEL IN ORDER TO DELETE ALL INFECTED FILES INSTEAD OF CLEANING THEM.

NOTE: should be replaced with the location you want to save the report.txt file to (i.e. - C:, C:\scan, etc.)

WARNING: You may receive an "error" telling you that an application is attempting to directly access the hard disk. You MUST click IGNORE or the scan will terminate. This will now scan your entire computer for viruses.

1. Restart the computer and boot into Windows.

2. Open the \report.txt and search through that for errors or infected files that were unable to be cleaned. This file is a report of the scan you generated in DOS.

3. If a file is listed there that was infected with something and it does NOT state it has been cleaned, deleted or renamed, you will need to navigate to that directory through Windows Explorer, DOS, or My Computer and remove the file from the system.


Best of luck
