Re: Help - need to stop a keylogger
From: FOR3CAS7 (for3cas7_at_yahoo.co.uk)
Date: 10/16/03
- Previous message: Security Alert: "SSRT2439 Potential Security Vulnerability in xdrmem_getbytes() (rev.7)"
- In reply to: AMC: "Help - need to stop a keylogger"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 16 Oct 2003 12:17:10 -0700
Well I'll be damned!!!!
I have literally Just had the same problem and I removed it straight
away. the tell tale sign of this is Windows Taskmanager shutting down
on its own or closing within 5 seconds of it starting.
The file SVEHOST.exe and all associated files.. delete them ..
First though you need to stop them .. heres what i used..
goto www.sysinternals.com and get the program "tcpview"
When this program is loaded you may want to turn off the refresh speed
because it can get a little hectic ( click "View then update speed
then pause" )
This will allow you to see all the processes that are named
SVEHOST.exe
One by one terminate them.
After doing this you will be able to start your taskmanager again and
also your MSCONFIG/Regedit.
Open the msconfig and remove the svehost.exe from the startup and then
use Regedit to search through the registry ( CTRL +F ) for svehost.exe
delete all registry entries for this and your done.
**** Warning Please do not confuse SVChost.exe with SVEhost.exe
svchost.exe is a needed file and you'll be in *** street if you
delete that .. hehe ***
"AMC" <a_mccabeREMOVETHIS@bigfoot.com> wrote in message news:<AAAhb.455$Cw3.8@newsfep1-gui.server.ntli.net>...
> I'm running ME. I downloaded a file from Kazaa which was clean according to
> Norton, but when I ran it it simply disappeared. My firewall ZA free asked
> for permission for a programm called svehost.exe to access the net. I
> blocked it and have kapt it blocked since.
>
> After a search I found a hidden file in my Windows/system dir called
> svehost.exe and another svehost.lgc
>
> The program continues to try to access the net, but thankfully is being
> blocked by the firewall.
>
> I've searched www.sarc.com without success. Also when i try to run msconfig
> to check loaded programs, it opens and immediately closes. Regedit does the
> same almost as if svehost is stopping me taking any actions to close it
> down.
>
> Can anyone help with this ?
>
> Thanks
> Andrew
- Previous message: Security Alert: "SSRT2439 Potential Security Vulnerability in xdrmem_getbytes() (rev.7)"
- In reply to: AMC: "Help - need to stop a keylogger"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
