In case of scvhsot.exe, svch0st.exe, wincabb.exe, and wmcony.exe

EndurerOriginal

2006-12-20 th1Version

An Internet friend sent an email saying that he met

Trojan-PSW.Win32.WOW.ms, Trojan. psw. lmir. LNV and other Trojans

Similar issues with the concise log of hijackthis scan, unfortunately there is no procview process list.

The following suspicious items are found in the log:
/------
Logfile of hijackthis v1.99.1
Platform: Windows XP SP2 (winnt 5.01.2600)

C:/Windows/system32/scvhsot.exe
C:/docume ~ 1/YU/locals ~ 1/temp/wincabb.exe

O4-HKLM/../run: [qqkav] C:/Windows/system32/sCVHsot.exe
O4-hkcu/../run: [myzt] C:/Windows/East/SVCH0St. exe
O4-hkcu/../run: [SVC] C:/docume ~ 1/YU/locals ~ 1/temp/wmcony.exe

O20-appinit_dlls: 235780m. BMP

O23-service: mgafgexe-matrox Graphics Inc.-C:/Windows/system32/mgafg.exe
------/

Repair suggestions:

For the following operations, refer to [System Restoration series] basic operation index.
Http://endurer.blogchina.com/2591241.html

Restart your computer to safe Mode

Disable System Restoration

Use WinRAR to find the following files, package the backup, and delete the files:
/------
C:/Windows/system32/scvhsot.exe (Note: svchost.exe is not used)
C:/Windows/East/svch0st. exe
C:/Documents and Settings/YU/Local Settings/temp/wincabb.exe
C:/Documents and Settings/YU/Local Settings/temp/wmcony.exe
235780m. BMP (generally in C:/Windows)
------/

Use WinRAR to find the file C:/Windows/system32/mgafg.exe, package the backup, but do not delete it.

Close all folders and IE Windows and use hijackthis to fix the following items:
/------
O4-HKLM/../run: [qqkav] C:/Windows/system32/scvhsot.exe
O4-hkcu/../run: [myzt] C:/Windows/East/svch0st. exe
O4-hkcu/../run: [SVC] C:/docume ~ 1/YU/locals ~ 1/temp/wmcony.exe

O20-appinit_dlls: 235780m. BMP
------/

Clear the temporary ie folder.

Restart the computer to the normal model, the first package of the file scvhsot.exe and so on as an e-mail attachment to the endurer@163.com.