3 Replies Latest reply on Jan 7, 2010 11:25 PM by qureshimehboob

    svchost.exe:KERNEL32.LoadLibraryA -virus alerts on my machine

      Hi,

       

      I am using VirusScan Enterprise 8.7.0i

      DAT version:5850

       

      I am facing a problem with the svchost.exe:KERNEL32.LoadLibraryA virus; it continuously pops up. Please help me.

       

      -Thanks

        • 1. Re: svchost.exe:KERNEL32.LoadLibraryA -virus alerts on my machine

          You primarily need to use Windows Update and install all security patches relevant to your version of Windows.

           

          See also - http://community.mcafee.com/message/102797

          • 2. Re: svchost.exe:KERNEL32.LoadLibraryA -virus alerts on my machine

            There is also a possibility that you have one of the Fake Antispyware infections which affect "svchost.exe". So, please try the steps below:

             

            Download ALL of the tools below on a separate, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

             

            First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
            There are 4 different versions. If one of them won't run then try to run the other one.
            Vista and Win7 users need to right click and choose Run as Admin
            You only need to get one of them to run, not all of them.

             

            Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
            Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
            Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
            Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
            _____________________

             

            IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transferred to the problem machine. Do NOT restart the computer after running Rkill.

             

            Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

             

            Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
            http://www.besttechie.net/tools/mbam-setup.exe

             

            Malwarebytes Manual Updater link
            http://www.malwarebytes.org/mbam/database/mbam-rules.exe

             

            Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install:

             

            SuperAntispyware
            http://www.superantispyware.com/

             

            SuperAntispyware Manual Updater
            http://www.superantispyware.com/definitions.html
            ____________

             

            In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Program Files\Malwarebytes Antimalware folder.
            _____________________

             

            Hope this helps.

             

            Grif

            • 3. Re: svchost.exe:KERNEL32.LoadLibraryA -virus alerts on my machine

              Hi,


              1) You have to install the Windows security patches, all the patches till date

              2) Install the latest VSE patch and engine

              3) Run the normal full scan in Safe Mode

              If the infection is still there, then run the scan in Safe Mode with Command Prompt

              Here are the instructions for running a complete command line scan.

              Please note that this process can be done quicker if all temp folders have been emptied, and the temporary internet files, history, and cookies have been deleted.

              1. Create a folder on the root of the System Drive (typically C:\) and name it "scan" (without the quotes)

               

              a) Double-click on 'My Computer'

              b) Double-click on the System Drive (typically C:\)

              c) Click FILE

              d) Highlight NEW

              e) Click FOLDER

              f) Type: scan

              g) Press [ENTER]

              2. Set the "scan" folder to Read-Only

              a) Right-click on the scan folder & select Properties

              b) Place a checkmark in the Read-only box

              c) Click APPLY

              d) Click OK

              3. Download the latest SuperDAT file from:

              http://www.networkassociates.com/us/downloads/updates/

              4. Make sure to save the sdatxxxx.exe (where xxxx is the current version number) to the "scan" folder.

               

               

              5. Restart the computer and go into 'Safe Mode with Command Prompt'

              a) Reboot the system

              b) Press [F8] when prompted

              c) Select 'Safe Mode with Command Prompt'

              d) Press [ENTER]

              NOTE: This is necessary due to the possibility of a file-infecting virus, Trojan, or worm still running in memory. Rebooting the computer will remove the virus, Trojan, or worm from memory. Logging into 'Safe Mode with Command Prompt' will prevent 99% of all viruses, Trojans, or worms from loading into memory.

              6. Type "cd\" (without the quotes) and hit [ENTER]

              7. Type "cd scan" (without the quotes) and hit [ENTER]

              8. Type "sdatxxxx.exe /e" (without the quotes and where xxxx is the version of the current SuperDAT file) and hit [ENTER]

              9. After approx. 45 seconds, the extraction will be complete and you will then need to copy the Extra.dat to this directory.

               

              10. Type "scan.exe /clean /all /adl /winmem /unzip /secure /report report.txt"

              NOTE: YOU CAN CHANGE THE /CLEAN TO /DEL IN ORDER TO DELETE ALL INFECTED FILES INSTEAD OF CLEANING THEM.

              NOTE: should be replaced with the location you want to save the report.txt file to (i.e. - C:, C:\scan, etc.)

              WARNING: You may receive an "error" telling you that an application is attempting to directly access the hard disk. You MUST click IGNORE or the scan will terminate. This will now scan your entire computer for viruses.

               

              1. Restart the computer and boot into Windows.

              2. Open the \report.txt and search through that for errors or infected files that were unable to be cleaned. This file is a report of the scan you generated in DOS.

              3. If a file is listed there that was infected with something and it does NOT state it has been cleaned, deleted or renamed, you will need to navigate to that directory through Windows Explorer, DOS, or My Computer and remove the file from the system.


              Best of luck
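
The report review described in the last two steps of reply 3, as an added example that is not part of the original thread or any vendor tooling: it lists files that have a detection line but no line stating they were cleaned, deleted or renamed. The `<path> ... <message>` line layout, the sample lines and the function name `Get-UnresolvedDetections` are assumptions constructed for illustration; adjust the patterns to the report the scanner actually writes.

```powershell
function Get-UnresolvedDetections {
    param([string[]]$ReportLines)

    # path -> @{ Found; Resolved }. PowerShell hashtable keys are
    # case-insensitive, which matches Windows path semantics.
    $state = @{}
    foreach ($line in $ReportLines) {
        # Assumed layout: "<full path> ... <message>". Banner and summary lines are skipped.
        if ($line -match '^\s*(?<path>[A-Za-z]:\\.+?)\s+\.\.\.\s+(?<msg>.+)$') {
            $path = $Matches['path']
            $msg  = $Matches['msg']
            if (-not $state.ContainsKey($path)) {
                $state[$path] = @{ Found = $false; Resolved = $false }
            }
            if ($msg -match '\bfound\b') { $state[$path].Found = $true }
            # Outcomes the post treats as handled: cleaned, deleted, renamed.
            # A negated outcome ("could not be cleaned") does not count.
            $handled = $msg -match '\b(clean(ed)?|deleted|renamed)\b'
            $negated = $msg -match '\b(not|unable|cannot|failed)\b'
            if ($handled -and -not $negated) { $state[$path].Resolved = $true }
        }
    }
    $state.GetEnumerator() |
        Where-Object { $_.Value.Found -and -not $_.Value.Resolved } |
        ForEach-Object { $_.Key } |
        Sort-Object
}

# Constructed sample lines (not real scanner output).
$sample = @(
    'Scan report (constructed sample)',
    'C:\WINDOWS\system32\example1.dll ... Found the EXAMPLE-A trojan !!!',
    'C:\WINDOWS\system32\example1.dll ... The file has been deleted.',
    'C:\Documents and Settings\user\Local Settings\Temp\example2.exe ... Found the EXAMPLE-B trojan !!!',
    'C:\Documents and Settings\user\Local Settings\Temp\example2.exe ... The file could not be cleaned.',
    'C:\WINDOWS\Temp\example3.tmp ... Found the EXAMPLE-C trojan !!!'
)

# Lists example2.exe and example3.tmp: both were detected, neither was handled.
Get-UnresolvedDetections -ReportLines $sample

# Against a saved report (path is an assumption):
# Get-UnresolvedDetections -ReportLines (Get-Content 'C:\scan\report.txt')
```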