w32/conficker!mem Trojan: not able to remove it from the svchost.exe file.

A few computers in my office got infected with this virus because of a mistake by some team members. I tried to remove the virus using Stinger, but Stinger was not able to remove it. I used McAfee, and with the latest virus definition update McAfee was able to protect my system, but it started giving me a buffer overflow protection message due to the svchost.exe file in Windows.

I tried to remove the virus from the file using McAfee but did not get any success with that, nor with Kaspersky. Every time I scanned my system I got a message about a virus attached to the svchost.exe file. Finally I came up with a solution: replacing the svchost.exe file in system32 with one from a new, healthy computer, and that worked out of the box.

You will not be able to do this directly, so here is a short method for that.
1) Install a new, similar operating system in a virtual machine, or wherever you can.
2) Copy the svchost.exe file from its c:\windows\system32 folder to your computer.
3) Open the c:\windows\system32 folder of your computer.
4) Find your svchost.exe file and rename it svchost_old.exe.
5) Copy the new svchost.exe file into the c:\windows\system32 folder.
6) Make sure to delete all the scheduled tasks from the C:\windows\tasks folder. Remove the tasks you created as well; you can make them again, but don't take a chance on starting this problem again in your operating system.
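As an added example (not from the original post), here is a PowerShell script that checks, before steps 4 and 5, whether the svchost.exe on disk is actually modified or merely a different build, confirms the replacement copy is a validly signed Microsoft binary, and lists the scheduled task files from step 6 so legitimate ones can be noted before deletion. The path of the clean copy (C:\clean\svchost.exe) is an assumption, and Get-FileHash needs PowerShell 4 or later.

```powershell
# Added example: verify svchost.exe before replacing it and review scheduled tasks.
# Assumption: the clean copy from step 2 was saved to C:\clean\svchost.exe (hypothetical path).
$systemFile = 'C:\Windows\System32\svchost.exe'
$cleanFile  = 'C:\clean\svchost.exe'   # hypothetical location of the copy from the healthy machine
$tasksDir   = 'C:\Windows\Tasks'

function Get-FileReport($path) {
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Path      = $path
        Sha256    = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        SigStatus = $sig.Status            # 'Valid' is expected for a genuine Microsoft binary
        Signer    = $sig.SignerCertificate.Subject
        Version   = (Get-Item $path).VersionInfo.FileVersion
    }
}

$current = Get-FileReport $systemFile
$clean   = Get-FileReport $cleanFile
$current, $clean | Format-List

# Only a validly signed Microsoft binary should ever be dropped into System32.
if ($clean.SigStatus -ne 'Valid' -or $clean.Signer -notmatch 'Microsoft') {
    Write-Warning 'The replacement copy is not a validly signed Microsoft binary; do not use it.'
}

# A different hash with a still-valid signature usually means a different Windows build or
# service pack, not a modified file: match the source OS to the infected one (step 1).
if ($current.Sha256 -eq $clean.Sha256) {
    Write-Host 'svchost.exe on disk is identical to the clean copy; the file itself is not modified.'
} elseif ($current.SigStatus -eq 'Valid') {
    Write-Warning 'svchost.exe differs from the clean copy but is still validly signed; compare versions before replacing.'
} else {
    Write-Warning 'svchost.exe on disk fails signature validation; rename it to svchost_old.exe and replace it (steps 4-5).'
}

# Step 6: record the scheduled task files before deleting them so legitimate ones can be recreated.
Get-ChildItem -Path $tasksDir -Filter '*.job' | Select-Object Name, LastWriteTime, Length
```

Run it from an elevated PowerShell prompt; if the file is in use, the rename in step 4 still has to be done from safe mode with command prompt.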

After doing all this, make sure you update your computer with the latest virus definitions, or at least install this update for your computer: http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03&displaylang=en

I am assuming you have a fully working, updated antivirus on your system before doing this. If not, please go ahead and get a working antivirus for your computer. If you don't want to buy one, or you don't know where you can get antivirus for free, visit www.raymond.cc; he is a good guy who provides much software free of cost.

Hope it was useful for you and you liked it.

Thanks for being here.


Anonymous said...

Good answer. Remember, renaming svchost.exe is possible in safe mode with command prompt.



