How To: Remove SCVHOST.exe (W32/YahLover.Worm.gen or Win32/Autorun.R.worm) Safely From Windows Vista/XP

This type of worm hides itself as SCVHOST.EXE or SCVHOSTS.EXE so it will look like the legitimate Windows program SVCHOST.EXE. This type of virus usually spread through Yahoo Messenger. This virus is also known as W32/YahLover.Worm.gen and Win32/Autorun.R.worm. One way to avoid infection from this virus is to ignore any invites from unknown friends.

This virus/worm installs to Windows Vista/XP itself in autorun.inf and once double click it will spread itself unto your system. Furthermore, it copies itself through all the shared folders on your computers throughout the network and installs itself in the Windows Vista/XP registry entries remotely.

Here are indication that your computer is infected with this virus.

• This virus/worm blocks the Windows Vista/XP task manager.(way to fix your task manager)
• The worm changes the Windows registry to prevent running task manager and editing registry for harder detection. (way to enable registry editor)
• It automatically restarts the computer when you try to go to the command prompt.
• It duplicates itself to different locations of the shared folders. The duplicated virus/worm uses a FOLDER icon with an .exe file extension. WARNING! DO NOT double click these folders.
• It autostart via registry keys Windows->Run and add itself to WinNT->WinLogon->Explorer.exe
  

How to remove the virus from Windows Vista/XP

You can use NOD32 or any strong antovirus programs to remove this virus but if you don’t have a anti-virus or your antivirus can’t remove this virus try following the steps below to remove it manually.

• Boot your system in Safe Mode Command Prompt Only
• After you log-in the command prompt will be opened (LOG-IN AS ADMINISTRATOR).
• Type CD C:\WINDOWS\SYSTEM32 (I assume that your Windows System files are located at Drive C)
• Type DIR /ah, this will display all hidden files on this directory folder. You will see the following files which is used by the virus to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE

Type ATTRIB -H -R -S SCVHOST.EXE
Type ATTRIB -H -R -S BLASTCLNNN.EXE
Type ATTRIB -H -R -S AUTORUN.INI
Type DEL SCVHOST.EXE
Type DEL BLASTCLNNNN.EXE
Type DEL AUTORUN.INI
Type CD\
Type ATTRIB -H -R -S AUTORUN.INF
Type DEL AUTORUN.INF

• After following the steps on removing the virus/worm files, the virus should now be removed from the registry of your system.
• At the Windows Vista/XP command prompt type REGEDIT and press ENTER key. This will run the Windows Registry Editor
• From the registry, look for the keys: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, you will see an entry Yahoo! Messengger (it’s spelled like this) with a value c:\windows\system32\scvhost.exe, Delete this entry.
• Look again for the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, there’s an entry named: SHELL, it has a value = Explorer.exe SCVHOST.EXE , DON’T delete this entry!!! Just edit this entry and REMOVE the SCVHOST.EXE so that Explorer.exe will be the only value that remains from this registry entry.

After carefully following all the steps restart your Windows Vista/XP computer on normal mode and the virus should now be gone.

Popularity: 2%

Did You Like This Post? Then You Might Find These Also Interesting:

• How To: Fix Windows Error “Task Manager Has Been Disabled By Your Administrator” (0)
• How To: Fix Windows Boot Time Error “NTLDR Is Missing” (2)
• How To: Fix Windows Stop Error Code 0×0000021A or STATUS_SYSTEM_PROCESS_TERMINATED (0)
• How To: Fix Windows Stop Error Code 0×0000002E or DATA_BUS_ERROR (0)
• How To: Fix Disappearing DVD/CD-ROM Drives In Windows Vista Or In XP(Error Code 39) (0)
• How To: Fix Windows Stop Error Code 0xC0000221 or STATUS_IMAGE_CHECKSUM_MISMATCH (0)
• How To: Fix Windows Stop Error Code 0×00000024 Or NTFS_FILE_SYSTEM (0)
• How To: Fix Windows Vista Stop Error 0×00000050(PAGE_FAULT_IN_NONPAGED_AREA) (0)
• How To: Fix Windows Stop Error “Stop 0×0000000A or IRQL_NOT_LESS_OR_EQUAL” (0)
• How To: Delete Un-Deletable “Access Denied” Files or Folders in Windows Vista/XP (0)
• How To: Fix “BOOTMGR Is Missing” Boot Time Error In Windows Vista (0)
• Fix: Right-Click is Slow or Weird Behavior in Windows Vista or in XP (1)
• How To: Fix Windows Stop Error “STOP 0×0000007B: INACCESSABLE_BOOT_DEVICE” (0)

Written by Tony on September 20th, 2008 with no comments.
Read more articles on Windows Error Fix.

Related articles

• How To: Remove SCVHOST.exe (W32/YahLover.Worm.gen or Win32/Autorun.R.worm) Safely From Windows Vista/XP (September 20th, 2008)
• How To: Remove SCVHOST.exe (W32/YahLover.Worm.gen or Win32/Autorun.R.worm) Safely From Windows Vista/XP (September 20th, 2008)
• How To: Remove SCVHOST.exe (W32/YahLover.Worm.gen or Win32/Autorun.R.worm) Safely From Windows Vista/XP (September 20th, 2008)
• How To: Remove SCVHOST.exe (W32/YahLover.Worm.gen or Win32/Autorun.R.worm) Safely From Windows Vista/XP (September 20th, 2008)
• How To: Remove SCVHOST.exe (W32/YahLover.Worm.gen or Win32/Autorun.R.worm) Safely From Windows Vista/XP (September 20th, 2008)