Not able to remove the w32/conficker!mem Trojan from the svchost.exe file

w32/conficker!mem Trojan removal

A few of the computers in my office got infected by this virus because of a mistake by team members. I tried to remove the virus using Stinger, but Stinger was not able to remove it. I used McAfee, and with the latest virus definition update McAfee was able to protect my system, but it started giving me a buffer overflow protection message because of the svchost.exe file in Windows.

I tried to remove the virus from the file using McAfee but did not have any success, nor with Kaspersky. Every time I scanned my system I got a message that a virus was attached to the svchost.exe file. Finally I came up with a solution: replacing the svchost.exe file in system32 on the infected computer with one from a new, healthy computer, and that worked out of the box.

You will not be able to do this directly, so here is a short method for it.
1) Install a new copy of a similar operating system in a virtual machine, or wherever you can.
2) Copy the svchost.exe file from the c:\windows\system32 folder of that new installation to your computer.
3) Open the c:\windows\system32 folder on your computer.
4) Find your svchost.exe file and rename it to svchost_old.exe.
5) Copy the new svchost.exe file into the c:\windows\system32 folder.
6) Make sure to delete all the scheduled tasks from the C:\windows\tasks folder. Remove the tasks that you created as well; you can create them again, but don't take the chance of starting this problem again in your operating system.
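
A check to run before steps 4 to 6, as an added example that is not part of the original post: it hashes the clean and the installed svchost.exe so you can see whether the two files actually differ, and copies every file in the tasks folder to a backup so the tasks you created yourself can be recreated later. The paths and the function names `sha256_of` and `preflight` are assumptions for illustration.

```python
# Added example, not from the original post. All paths are assumptions.
import hashlib
import shutil
from pathlib import Path


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in 64 KiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preflight(reference, installed, tasks_dir, backup_dir):
    """Hash both svchost.exe copies and back up every scheduled-task file.

    Returns a dict: the two hashes, whether the files are identical, and a
    (name, size, sha256) tuple for each task file copied to backup_dir.
    """
    reference, installed = Path(reference), Path(installed)
    tasks_dir, backup_dir = Path(tasks_dir), Path(backup_dir)
    report = {
        "reference_sha256": sha256_of(reference),
        "installed_sha256": sha256_of(installed),
        "tasks": [],
    }
    # Identical hashes mean the swap in steps 4-5 would change nothing on disk.
    report["identical"] = report["reference_sha256"] == report["installed_sha256"]
    backup_dir.mkdir(parents=True, exist_ok=True)
    for job in sorted(tasks_dir.iterdir()):
        if job.is_file():  # skip sub-folders
            shutil.copy2(job, backup_dir / job.name)  # copy2 keeps timestamps
            report["tasks"].append((job.name, job.stat().st_size, sha256_of(job)))
    return report


if __name__ == "__main__":
    # Hypothetical locations: the clean copy from step 2 and a backup folder.
    result = preflight(r"D:\clean\svchost.exe",
                       r"C:\Windows\System32\svchost.exe",
                       r"C:\Windows\Tasks", r"D:\clean\tasks-backup")
    print("reference:", result["reference_sha256"])
    print("installed:", result["installed_sha256"])
    print("identical:", result["identical"])
    for name, size, digest in result["tasks"]:
        print(f"task {name} ({size} bytes) {digest}")
```

Keep the printed hashes and the backup folder with your notes; the backed-up task files are a record of what was deleted in step 6.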

After doing all this, make sure you update your computer with the latest virus definitions, or at least install this update for your computer: http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03&displaylang=en

I am assuming you have a fully working, updated antivirus on your system before doing this. If not, please go ahead and get a working antivirus for your computer. If you don't want to buy one, or you don't know where you can get a free antivirus, visit www.raymond.cc; he is a good guy who provides many software programs free of cost.

Hope it was useful for you and you liked it.

Thanks for being here.

1 comment:

Anonymous said...

Good answer. Remember that renaming svchost.exe is possible in Safe Mode with Command Prompt.

Thanks!!

Raja
