New Virus Attack : (MS Word Icon) SVCHOST SPOOLSV

Discovered a new virus that resides in c:\Recycled

  • CTFMON.exe
  • SMSS.exe
  • SPOOLSV.exe
  • SVCHOST.exe

The icon of these files are EXCTLY like Microsoft Windows MS Word type

  • Icon : MS Word
  • Type of File: Application
  • Description: Microsoft Office Word
  • Size : 55.0 KB (56,320 bytes)
  • Size on disk: 56.0 KB (57,344 bytes)
  • File version : 11.0.5604.0
  • Copyright : Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
  • Language : Language Neutral
  • etc

It adds to the startup at

  • HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
  • Explorer.exe “C:\recycled\SVCHOST.exe”

If you try to end task one of the process, the other processes make such changes in your system registry that u’ll be never again able to login to ur windows account. : ( [observed by me at some cases, still got to work out] The comp logs off as soon as you click on your account.

  • coz of changes to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Discovered

  • Place : rvce, bangalore
  • Dated : April 2, 2008
  • was present much earlier than this date

I’ll work on this soon, didn’t find any occurrence from anywhere else on my blog yet.

Kaspersky do not detect this virus yet, as on 15 april 2008.

Have a look at the virus file

Tags: , , , , ,

11 Responses to “New Virus Attack : (MS Word Icon) SVCHOST SPOOLSV”

  1. t68kv Says:

    I already encounter this before. I created a fix for this, if you won’t mind, can i have those file to test it again? To look whether its the same variant as those i’ve encountered before.

    pm me at my ym. or much better add me at ym messenger.
    Let’s work on this together bro.

  2. t68kv Says:

    Im currently entering kilabot virus world hehe

  3. shanavas Says:

    dear sir

    i have download heal antivirus .after install this programm
    while all autorun . inf virus removed .thanking you for create heal avirus

    regars
    shanavas

  4. svchost.exe swopped...? - Science Forums Says:

    […] these which might be helpful. Btw, this thread was #17 in my query result, so not a common thing. New Virus Attack : (MS Word Icon) SVCHOST SPOOLSV : : : Piyush Labs : : : SVCHOST / SPOOLSV.EXE Program Detail – TechSpot OS Resources svchost.exe & spoolsv.exe changed […]

  5. Vishal Says:

    what is svchosty.exe
    i think its virus ,,,,,,,,,,hidden file………which make system to slow ……..processor always shows 100 use.

    any idea?

  6. Krishna Acha Says:

    I have a similar virus in my machine which has the following description:

    The icon of these files are EXCTLY like Microsoft Windows MS Word type

    Icon : MS Word
    Type of File: Application
    Description: Microsoft Office Word
    Size : 1.80 MB
    Size on disk: 1.80 MB
    Copyright : Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
    Language : Language Neutral

    This virus has disabled Task Manager and Folder Options. It is slowing down all my work and it has spoiled my pen drive too.

    I formatted by pen drive but the virus is still there and could not delete it yet.

    Is there any fix that I can have to avoid all these problems??? I have Avira Virus Scan but it does not recognize as a virus.

    Need Help!

  7. Ravivarman Says:

    I too facing the same problem.
    i am using McAfee Enterprise 8.0i With Latest Update.
    But it did not detect the Virus.

    It Disabled the Registry Editor also.

    can u pls. guide me to remove the virus.?

  8. Krishna Acha Says:

    The only option left me was wipe out the my hard disk and reinstall from the scratch.

    Now the performance is much better.

    This virus seems to be a dangerous one, it had disabled task manager, registry, folder options and don’t know what other things it had blocked.

  9. Alsaheer Says:

    after virus attack, when i ope any word document, some symbols are added in several places of the document.
    if i copy this document to a thumb drive, and open the same using some other computers the documnt shows no problems
    i re installed the word fully, after uninstalling and deleting the whole word program files, then also the same problem is existing
    plz give me a solution

  10. Susie Bea Says:

    I have this problem today, 7/20/12. Very sad. I have been working on an excel worksheet for three days. Now l have to start over. I have to share the document with coworkers and infecting computers at work is not an option.

    Does anyone know if there is a way to tell if a document can carry the virus to a different computer?

  11. maria andreou Says:

    pls if someone can help

    all icons have been replaced by word icon. is this a virus? any help?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: