SSVICHOSST virus
Virus File Name:
ssvichosst.exe (having a folder icon)
<filename> (a file inside a folder having the same name as the folder, having folder icon)
Symptoms:
You are unable to open TaskManager, Regedit, CMD, Msconfig, etc.
Some windows open for fractions of seconds and suddenly gets closed. Like TaskManager, Regedit, etc.
No command works in ’command’ window, except ‘exit’.
The Tools>FolderOptions is gone in the Windows Explorer.
You cannot see your hidden files.
Your system has become too slow. As the virus process takes up almost half of the resources.
Behind the screen:
The virus copies the virus file “SSVICHOST.EXE” to C:Windows and to C:WindowsSystem32 .
It runs its process SSVICHOSST.EXE as the background process under User.
Processes with the other file name may also be running with the WindowTitle ‘AutoIt v3′.
It adds a startup program in HKCUSoftwareMicroSoftWindowsCurrentVersionRun as ‘Yahoo Massangger***’
Adds a value in registry, HKLMSystemControlSet001ServicesSchedule ‘AtTaskMaxHours’=0.
SOLUTION:
Download and run my HEAL FOR SSVICHOSST
or follow this long procedure . . .
End Task*
———-
1. On desktop> right-click> new> shortcut
2. Enter
taskkill.exe /F /FI “IMAGENAME eq ssvichosst.exe”
3. Next> finish
4. Double click the shortcut file just created*In some case, if this “taskkill.exe” file is not available in the windowssystem32 directory (esp. in laptops), then try to get it from someone’s comp.
Enable Task Manager
——————-
1. Start> runreg add HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 0 /f
2. Start> run
reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 0 /f
Enable CMD
———-
1. Start> runreg add HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableCmd /t REG_DWORD /d 0 /f
2. Start> run
reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableCmd /t REG_DWORD /d 0 /f
Enable Regedit
————–
1. Start> runreg add HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f
2. Start> run
reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f
Folder Option & Hidden Files
—————————-
1. Start> runreg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f
2. Start> run
reg add HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f
3. Start> run
reg add HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f
4. Start>run
reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v DefaultValue /t REG_DWORD /d 2 /f
reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f
reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f
Delete Virus Files**
——————–
1. Start> run> CMD
del %windir%ssvichosst.exe /a /f /q
del %windir%system32ssvichosst.exe /a /f /q**Do not double click these files, otherwise you have to start from the begining
Delete Startup Launch of Virus***
———————————–1. Start> run
reg delete HKCUMicrosoftWindowsCurrentVersionRun /v Yahoo Messengger
Fix for ” Windows cannot find ssvichosst
—————————————–
1. START> RUN > type CMD > now paste the following
reg add “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon” /v Shell /t REG_SZ /d Explorer.exethis procedure is to remove the error that comes whenever you restart windows
something like “could not find SSVICHOSST” or “error loading SSVICHOSST” or “windows cannot find ssvichost”
DOWNLOAD
PRECAUTION:
Never double click on removable devices in MyComputer.
Always right-click and Explore
if you have any other problem or any doubt about the step then plz do contact me. i’m always there to help you.
26 October, 2008 at 4:50 pm
-man, THANK YOU very much!
31 October, 2008 at 3:22 pm
Hey can you plz email me the fully decompiled script of the above virus plz
I really like to study about how the script is written.
I can surely assure you that I will not use the script for any commercial useage.
Its for my private knowledge only.
I’m a student of 15 years so plz help by emailing the full script.
Plz do me this favour.
Plz Plz plz Plz Plz plz plz Plz Plz Plz Plz Plz PLz.
31 October, 2008 at 3:34 pm
plz send me the script
my email: mario_thilanga@yahoo.com
2 November, 2008 at 10:40 am
Hello! Are you interested in my objective labor I have a nice fresh joke for you people) What insect does well in school? A spelling bee.
4 November, 2008 at 4:07 pm
my toshiba satelite disk got scrached and I cannot reload some files back onto the laptop. where can I down load the files for TOSHIBA SATELITE RECOVERY DISK
7 November, 2008 at 12:34 pm
Plz send me the script piyush.
plz plz
help me and reply to my request
15 December, 2008 at 12:59 pm
I have spent hours upon hours trying to fix this on a mate’s computer! You have no idea how much I appreciate this fix! You are a legend!! Thank you!!
21 December, 2008 at 1:06 pm
when my computer start i find a message mention that “SSVICHOSST.exe” not found in the computer. what can i solve this problem?
7 February, 2009 at 12:31 pm
[...] is another tool that purports to clean up this issue at Piyush Lab. In the right column there is Heal_SSVICHOSST. __________________ We are all members helping [...]