First one=SVCHOST.EXE
It looks like a Word file (ref: my previous post).
The file name is *.scr (i.e. a screen saver file).
It hides your original Word document and creates a *.scr file with the same name as the Word file.
For example, you create a document Hello.doc; after you write in it and save it, Hello.doc gets marked system hidden, and a file named Hello.scr is created which has the same Word icon.
In the administrator account, it changes the registry so that you will never be able to log in to your account. When you click on your login name, it logs in and suddenly logs out.
So, whenever you open a Word file, right-click it first and check the options.
For the virus file, they will be: Open, Run, Run as, Test, Configure, etc.
Once you get the virus in a limited user account, never log in to your admin account, or else, as I said, it changes the registry so that you will never be able to log in again.
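
The Hello.doc / Hello.scr pattern described above can be checked for mechanically. The following is an added example, not code from this post or from any tool by its author: it pairs an executable-type file with a hidden or system document of the same name in the same folder. The extension lists, function names and sample listing are assumptions made for illustration.

```python
import os
from pathlib import PureWindowsPath

# Assumed for this example: which extensions count as documents and which
# as directly runnable look-alikes.
DOC_EXTS = {".doc", ".docx", ".rtf"}
EXEC_EXTS = {".scr", ".exe", ".com", ".pif"}
HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN
SYSTEM = 0x4  # Windows FILE_ATTRIBUTE_SYSTEM


def find_masquerades(entries):
    """entries: iterable of (path, attribute_bits) pairs.

    Returns sorted (executable, hidden_document) pairs that share a folder
    and a base name, e.g. Hello.scr next to a hidden Hello.doc.
    """
    docs, execs = {}, {}
    for path, attrs in entries:
        p = PureWindowsPath(path)
        key = (str(p.parent).lower(), p.stem.lower())  # case-insensitive
        ext = p.suffix.lower()
        if ext in DOC_EXTS and attrs & (HIDDEN | SYSTEM):
            docs[key] = path
        elif ext in EXEC_EXTS:
            execs[key] = path
    return sorted((execs[k], docs[k]) for k in execs.keys() & docs.keys())


def scan(root):
    """Yield (path, attribute_bits) for a real folder tree.

    st_file_attributes only exists on Windows; elsewhere the bits read as 0.
    """
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                yield full, getattr(os.stat(full), "st_file_attributes", 0)
            except OSError:
                continue  # unreadable entry, skip it


# Constructed sample listing (not taken from a real machine).
SAMPLE = [
    (r"D:\notes\Hello.doc", HIDDEN | SYSTEM),
    (r"D:\notes\Hello.scr", 0),
    (r"D:\notes\Report.doc", 0),   # visible document: not reported
    (r"D:\notes\photo.scr", 0),    # no matching document: not reported
]

if __name__ == "__main__":
    for exe, doc in find_masquerades(SAMPLE):
        print(f"suspicious: {exe} shadows hidden {doc}")
```

On a Windows machine, `find_masquerades(scan(r"E:\\"))` runs the same check over a pen drive; the drive letter here is only a placeholder.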
Second=spoolsv.exe
The virus writer has done quite a lot of research on the autorun property.
When you insert your pen drive (if autorun is ON), it asks what to do, e.g.
open using Windows Explorer, open using WMP, open using Nero, view photos using some software, etc.
But if the drive has this virus, it will say
“open using software provided on this device”
So, be careful.
After the virus is installed, I found no separate virus process; probably it injects some DLLs.
I am unable to find the solution yet.
It's challenging… hmm…
Third=SHAHROKH.EXE
How can anyone misspell Shahrukh Khan? It's so sad. :)
It creates AUTORUNS.EXE and EXPLORER.EXE files.
The EXPLORER.EXE file is placed inside the c:\windows\system32\ folder.
So, whenever the computer starts, it doesn't load the genuine Windows EXPLORER.EXE but runs the virus's EXPLORER.EXE program.
This happens because in the “path”, the system32 directory has higher preference than the windows directory…
Now I wonder why the Windows EXPLORER.EXE is not placed in the system32 folder.
My semester exams are this month, so I'm going to hibernate. Goodbye guys… be in touch.




4 July, 2008 at 3:13 pm
How do I remove these three viruses?
I GOT ALL THREE OF THEM
10 July, 2008 at 7:43 pm
Hey Piyush, can you tell me whether your Heal pen drive 1.0 heals all ssvichosst.exe files too?
14 July, 2008 at 11:19 pm
Hi Piyush, I too have all those virus attacks in my system. Please tell me how I can remove all those threats.
3 August, 2008 at 10:16 pm
How to remove regsvr.exe? Please tell me.
25 August, 2008 at 1:10 am
Sir, your site and antiviruses are of great help to me. Now please give me the solution for shahrokh.exe and an antivirus to delete it. Please reply as soon as possible.
12 September, 2008 at 2:30 pm
Format your computer using a bootable disk.
12 September, 2008 at 2:31 pm
Can anybody mail me complete information about regsvr.exe?
3 December, 2008 at 7:55 pm
That virus shahrokh.exe is on my i-pod… It disables the task manager of any desktop or laptop I connect. Now my computer is reformatted and it is clean… But the virus is still there in the i-pod… How do I delete it from the i-pod permanently? Please help…
1 May, 2009 at 6:05 pm
Please help me to remove the shahrokh.exe virus from my F drive…
It gets deleted, but once I restart the computer it's there again…
Please help me to remove this virus…
4 May, 2009 at 7:31 pm
Robin, follow the steps at http://piyushlabs.wordpress.com/self-troubleshooting-manual-steps-to-kick-out-any-virus/ and you will be able to remove it… Delete the Explorer.exe file in C:\windows\system32\explorer.exe (I think it creates this virus file, don't remember…)
The one in C:\windows\explorer.exe is genuine…
5 May, 2009 at 7:38 pm
But I don't have any explorer.exe file in C:\windows\system32
I am using Windows 7… hope that shahrokh.exe won't do anything bad to the processor…
12 May, 2009 at 9:21 pm
Robin,
Sorry, I can't help you because I have never used Windows 7.
Whatever antivirus you have, just update it. It should remove the virus, as it's about a 1-year-old virus.
13 May, 2009 at 5:40 pm
Thanks Piyush…
Kaspersky detected it and even Avira did…
15 May, 2009 at 8:11 pm
good