scvvhsot.exe not found
-
hi, i think my computer has a virus due to which every time i start up, i get this message "scvvhsot.exe cannot be found" and "skytel.exe cannot be installed because the file oledlg.dll cannot be found". i am running ms xp service pack 2 and i am using nod 32 antivirus, which says i have a hakaglan.g worm. i also have symantec antivirus installed but it doesn't detect the worm. also, ran both lavasoft and spybot. is there any way i can rid my computer of the worm and get rid of those error messages without reformatting?
my hjt log is below:
Logfile of HijackThis v1.99.1
Scan saved at 8
44 AM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe SCVVHSOT.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVVHSOT.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
also, i did a scan of the system using the bitdefender online scanner.. the log is as follows
Statistics
Time: 00:31:55
Files: 100899
Folders: 2942
Boot Sectors: 4
Archives: 1491
Packed Files: 4864
Results
Identified Viruses: 2
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5
Engines Info
Virus Definitions: 804186
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File - Status
C:\WINDOWS\system32\autorun.ini - Infected with: Win32.Worm.IM.Sohanad.K
C:\WINDOWS\system32\autorun.ini - Deleted
C:\Documents and Settings\All Users\Documents\autorun.inf - Infected with: Win32.Worm.IM.Sohanad.K
C:\Documents and Settings\All Users\Documents\autorun.inf - Deleted
C:\Program Files\ESET\infected\SJQSJVBA.NQF=>(Quarantine-PE) - Infected with: Win32.Worm.IM.Sohanad.L
C:\Program Files\ESET\infected\SJQSJVBA.NQF=>(Quarantine-PE) - Disinfection failed
C:\Program Files\ESET\infected\SJQSJVBA.NQF=>(Quarantine-PE) - Deleted
C:\System Volume Information\_restore{44B65649-E580-463C-9B21-85A5D5AD765B}\RP25\A0012667.ini - Infected with: Win32.Worm.IM.Sohanad.K
C:\System Volume Information\_restore{44B65649-E580-463C-9B21-85A5D5AD765B}\RP25\A0012667.ini - Deleted
the scan says that my system is infected with sohanad.k and sohanad.l virus. i don't know if it's been removed yet because scvvhsot.exe not found message still comes.
any help would be greatly appreciated..
thanks
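An added example, not part of the original post: a small Python triage pass over HijackThis entries that lists the startup hooks still pointing at the file named in the error message, plus the policy entry that blocks Registry Editor. The function name `triage` and the suspect-name list are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re

# Lines copied from the HijackThis log in the post above (a subset of it).
SAMPLE_LOG = r"""F2 - REG:system.ini: Shell=Explorer.exe SCVVHSOT.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVVHSOT.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(.*?)\] (.*)$")
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)


def triage(log_text, suspect_names):
    """Return (section, reason) pairs for entries that keep a suspect file starting."""
    suspects = {name.lower() for name in suspect_names}
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header or running-process line, not a numbered entry
        section, body = entry.groups()
        if section == "F2" and "Shell=" in body:
            # Anything listed after Explorer.exe is started at every logon.
            extra = body.split("Shell=", 1)[1].split()[1:]
            if extra:
                findings.append((section, "extra shell program: " + " ".join(extra)))
        elif section == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # Startup-folder shortcuts are outside this check
            value_name, command = run.groups()
            hits = [e for e in EXE_RE.findall(command) if e.lower() in suspects]
            if hits:
                findings.append((section, f"Run value [{value_name}] starts {hits[0]}"))
        elif section == "O7" and "DisableRegedit=1" in body:
            findings.append((section, "policy blocks Registry Editor"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG, ["scvvhsot.exe"]):
        print(section, "-", reason)
```

Entries like these survive after a scanner deletes the file they point to, which is consistent with a "not found" message at every logon.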
-
Welcome,
Running two anti-virus programs together will slow your PC down, cause conflicts and actually lower your security. You should uninstall one of them, and if it was me, Symantec would be uninstalled.
Symantec Removal Tool Below:
http://service1.symantec.com/SUPPORT...05033108162039
Be advised you have an infection that has probably stolen passwords and any other sensitive information you might have on your computer, including credit card info, online banking info, and if you have done those things you should notify those companies to keep an eye out for unauthorized transactions. While we can clean the visible part of the infection there may still be enough of the trojan left to compromise your computer to the point it is not trustworthy any longer without a full reformatting of your computer.
If you wish to proceed then do this:
Download SDFix and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All,
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
Also...
Please delete the version of HiJackThis.exe you have installed, then download the new version from here:
HIJACKTHIS
Last edited by Neal; 17-09-2007 at 09:49 PM.
-
i downloaded the file and for some reason i can't start the computer in safe mode. i tried and the screen goes into a matrix mode with all the pathnames and scrolls for some time but doesn't go into safe mode. could the virus have done this? what can i do now?
thanks for your patience
-

It is very possible the trojans have done damage to safe mode and we will attempt to repair but first:
1. Download this file - COMBOFIX
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
* Doubleclick the drweb-cureit.exe file and Allow to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found: 
* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
New hijackthis log also please.