Discovered a new virus that resides in c:\Recycled
- CTFMON.exe
- SMSS.exe
- SPOOLSV.exe
- SVCHOST.exe
The icon of these files are EXCTLY like Microsoft Windows MS Word type
- Icon : MS Word
- Type of File: Application
- Description: Microsoft Office Word
- Size : 55.0 KB (56,320 bytes)
- Size on disk: 56.0 KB (57,344 bytes)
- File version : 11.0.5604.0
- Copyright : Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
- Language : Language Neutral
- etc
It adds to the startup at
- HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
- Explorer.exe “C:\recycled\SVCHOST.exe”
If you try to end task one of the process, the other processes make such changes in your system registry that u’ll be never again able to login to ur windows account. : ( [observed by me at some cases, still got to work out] The comp logs off as soon as you click on your account.
- coz of changes to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Discovered
- Place : rvce, bangalore
- Dated : April 2, 2008
- was present much earlier than this date
I’ll work on this soon, didn’t find any occurrence from anywhere else on my blog yet.
Kaspersky do not detect this virus yet, as on 15 april 2008.
Tags: Logon, Microsoft Office Word, MS Word icon, spoolsc, svchost, virus
17 April, 2008 at 12:32 am |
I already encounter this before. I created a fix for this, if you won’t mind, can i have those file to test it again? To look whether its the same variant as those i’ve encountered before.
pm me at my ym. or much better add me at ym messenger.
Let’s work on this together bro.
17 April, 2008 at 10:05 pm |
Im currently entering kilabot virus world hehe
19 July, 2008 at 11:43 am |
dear sir
i have download heal antivirus .after install this programm
while all autorun . inf virus removed .thanking you for create heal avirus
regars
shanavas
8 September, 2008 at 7:50 pm |
[...] these which might be helpful. Btw, this thread was #17 in my query result, so not a common thing. New Virus Attack : (MS Word Icon) SVCHOST SPOOLSV : : : Piyush Labs : : : SVCHOST / SPOOLSV.EXE Program Detail – TechSpot OS Resources svchost.exe & spoolsv.exe changed [...]
7 December, 2008 at 3:07 pm |
what is svchosty.exe
i think its virus ,,,,,,,,,,hidden file………which make system to slow ……..processor always shows 100 use.
any idea?
22 January, 2009 at 11:48 am |
I have a similar virus in my machine which has the following description:
The icon of these files are EXCTLY like Microsoft Windows MS Word type
Icon : MS Word
Type of File: Application
Description: Microsoft Office Word
Size : 1.80 MB
Size on disk: 1.80 MB
Copyright : Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
Language : Language Neutral
This virus has disabled Task Manager and Folder Options. It is slowing down all my work and it has spoiled my pen drive too.
I formatted by pen drive but the virus is still there and could not delete it yet.
Is there any fix that I can have to avoid all these problems??? I have Avira Virus Scan but it does not recognize as a virus.
Need Help!
24 February, 2009 at 11:52 am |
I too facing the same problem.
i am using McAfee Enterprise 8.0i With Latest Update.
But it did not detect the Virus.
It Disabled the Registry Editor also.
can u pls. guide me to remove the virus.?
25 February, 2009 at 11:49 pm |
The only option left me was wipe out the my hard disk and reinstall from the scratch.
Now the performance is much better.
This virus seems to be a dangerous one, it had disabled task manager, registry, folder options and don’t know what other things it had blocked.
5 May, 2009 at 10:27 am |
after virus attack, when i ope any word document, some symbols are added in several places of the document.
if i copy this document to a thumb drive, and open the same using some other computers the documnt shows no problems
i re installed the word fully, after uninstalling and deleting the whole word program files, then also the same problem is existing
plz give me a solution