SSVICHOSST virus

Virus File Name:

ssvichosst.exe (having a folder icon)

<filename> (a file inside a folder having the same name as the folder, having folder icon)

Symptoms:

You are unable to open TaskManager, Regedit, CMD, Msconfig, etc.

Some windows open for fractions of seconds and suddenly gets closed. Like TaskManager, Regedit, etc.

No command works in ‘command’ window, except ‘exit’.

The Tools>FolderOptions is gone in the Windows Explorer.

You cannot see your hidden files.

Your system has become too slow. As the virus process takes up almost half of the resources.

Behind the screen:

The virus copies the virus file “SSVICHOST.EXE” to C:Windows and to C:WindowsSystem32 .

It runs its process SSVICHOSST.EXE as the background process under User.

Processes with the other file name may also be running with the WindowTitle ‘AutoIt v3’.

It adds a startup program in HKCUSoftwareMicroSoftWindowsCurrentVersionRun as ‘Yahoo Massangger***’

Adds a value in registry, HKLMSystemControlSet001ServicesSchedule ‘AtTaskMaxHours’=0.

Complete detail

SOLUTION:

Download and run my HEAL FOR SSVICHOSST

or follow this long procedure . . .

End Task*
———-
1. On desktop> right-click> new> shortcut
2. Enter
 taskkill.exe /F /FI “IMAGENAME eq ssvichosst.exe”
3. Next> finish
4. Double click the shortcut file just created

*In some case, if this “taskkill.exe” file is not available in the windowssystem32 directory (esp. in laptops), then try to get it from someone’s comp.

Enable Task Manager
——————-

1. Start> run

 reg add HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 0 /f

2. Start> run

 reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 0 /f

Enable CMD
———-

1. Start> run

 reg add HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableCmd /t REG_DWORD /d 0 /f

2. Start> run

 reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableCmd /t REG_DWORD /d 0 /f

Enable Regedit
————–

1. Start> run

 reg add HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f

2. Start> run

 reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f

Folder Option & Hidden Files
—————————-

1. Start> run

 reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f

2. Start> run

 reg add HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f

3. Start> run

 reg add HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f

4. Start>run

 reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
 

reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v DefaultValue /t REG_DWORD /d 2 /f

 reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f
 

reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f

Delete Virus Files**
——————–

1. Start> run> CMD
 del %windir%ssvichosst.exe /a /f /q
 del %windir%system32ssvichosst.exe /a /f /q

**Do not double click these files, otherwise you have to start from the begining

Delete Startup Launch of Virus***
———————————–

1. Start> run
 reg delete HKCUMicrosoftWindowsCurrentVersionRun /v Yahoo Messengger

Fix for ” Windows cannot find ssvichosst
—————————————–

1. START> RUN > type CMD > now paste the following
reg add “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon” /v Shell /t REG_SZ /d Explorer.exe

 this procedure is to remove the error that comes whenever you restart windows
  something like “could not find SSVICHOSST” or “error loading SSVICHOSST” or “windows cannot find ssvichost”

DOWNLOAD

Heal for SSVICHOSST 

Download Page for other heals

PRECAUTION:

Never double click on removable devices in MyComputer.

Always right-click and Explore

if you have any other problem or any doubt about the step then plz do contact me. i’m always there to help you.

151 Responses to “SSVICHOSST virus”

  1. xanhellx Says:

    -man, THANK YOU very much!

    🙂

  2. Mario Fernando Says:

    Hey can you plz email me the fully decompiled script of the above virus plz

    I really like to study about how the script is written.
    I can surely assure you that I will not use the script for any commercial useage.
    Its for my private knowledge only.
    I’m a student of 15 years so plz help by emailing the full script.

    Plz do me this favour.
    Plz Plz plz Plz Plz plz plz Plz Plz Plz Plz Plz PLz.

  3. Mario Fernando Says:

    plz send me the script

    my email: mario_thilanga@yahoo.com

  4. Realcogacleks Says:

    Hello! Are you interested in my objective labor I have a nice fresh joke for you people) What insect does well in school? A spelling bee.

  5. mordecai Says:

    my toshiba satelite disk got scrached and I cannot reload some files back onto the laptop. where can I down load the files for TOSHIBA SATELITE RECOVERY DISK

  6. Mario Says:

    Plz send me the script piyush.
    plz plz
    help me and reply to my request

  7. Shannon Says:

    I have spent hours upon hours trying to fix this on a mate’s computer! You have no idea how much I appreciate this fix! You are a legend!! Thank you!!

  8. hemant Says:

    when my computer start i find a message mention that “SSVICHOSST.exe” not found in the computer. what can i solve this problem?

  9. Hell with SSVICHOSST.exe - Computer Support & PC Help Forums - Provided By Free PC Help Says:

    […] is another tool that purports to clean up this issue at Piyush Lab. In the right column there is Heal_SSVICHOSST. __________________ We are all members helping […]

  10. hapreet Says:

    hello sir,,em facing d problem wid ssvichosst virus,,n i am unable to delete this folder…
    what shoul i di now??plz help me

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: