#131
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
OK another question. I used system restore and went back a week. Now when I use regedit I have nothing showing up. Did this fix it or do I really have to reformat. dont have any money online but do have online banking ect.
|
#132
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
edit
nevermind |
#133
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
[ QUOTE ]
What I have on mine is svcholt not svchost [/ QUOTE ] Ok. This a really crappy trojan. It should be okay to just delete the svcholt.exe from your Program Files directory. I would also delete any eMondo entries from my registry, but if you're not comfortable doing that (if you're not sure, you're not comfortable) it'll still probably be okay. I'd also keep an eye on task manager for a couple weeks to see if any instances of svcholt recur. |
#134
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
[ QUOTE ]
i have 1 under AIM 6 and 1 under C:\I386 and 1 under c:\program files\common files\AOL\1149599630\ee [/ QUOTE ] I think ur infected, but not from this website. |
#135
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
I did this also before using system resto.
|
#136
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
[ QUOTE ]
OK another question. I used system restore and went back a week. Now when I use regedit I have nothing showing up. Did this fix it or do I really have to reformat. dont have any money online but do have online banking ect. [/ QUOTE ] You should be fine. Keep checking your registry periodically for the next few weeks to see if the entries recur. If they don't, I wouldn't worry about it. |
#137
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
[ QUOTE ]
[ QUOTE ] i have 1 under AIM 6 and 1 under C:\I386 and 1 under c:\program files\common files\AOL\1149599630\ee [/ QUOTE ] I think ur infected, but not from this website. [/ QUOTE ] i have symantec and scanned and nothing came up. any idea what i should do? btw thanks so much everyone this is awesome |
#138
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
Everyone just download this prog if u think your infected
http://www.download.com/SnoopFree-Pr...ml?tag=lst-0-1 If you log onto any keylogging progs(pokerstars,full tilt, aim,msn etc) it will prompt you with files that are trying to track your login information. If the file looks suspicious you can just block it until the desired file(s) are gone. |
#139
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
i have a file named svcholt under my program files, when i open it this is what is displayed - <RemoteSettings>
- <Appearance> <Title>svcholt</Title> <FileName>svcholt.exe</FileName> </Appearance> - <Behavior> <Mode>Service</Mode> <EnableListener>true</EnableListener> <ListenPort>8551</ListenPort> <AllowSimplifyUI>false</AllowSimplifyUI> <SilentInstall>false</SilentInstall> <EnableLogging>false</EnableLogging> <CheckForUpdates>false</CheckForUpdates> </Behavior> - <Sessions> - <Session Name="Default"> - <Connection> <AccountName>morti</AccountName> <StaticHost>false</StaticHost> <Switchboard>http://www.emando.net/services/switc...witchboard> <Host /> <Port>8550</Port> </Connection> <DisplayName /> <Group /> </Session> </Sessions> - <General> <MachineId>4edecd7b-d3f4-4aff-ac71-25edaf49e123</MachineId> <ControllerServerPort>8552</ControllerServerPort> </General> </RemoteSettings> tercet what do i need to go to get rid of this |
#140
|
|||
|
|||
Re: DON\'T CLICK ON THE LINK IN THE \"is this 4 real...\" THREAD
[ QUOTE ]
i have a file named svcholt under my program files, when i open it this is what is displayed - <RemoteSettings> - <Appearance> <Title>svcholt</Title> <FileName>svcholt.exe</FileName> </Appearance> - <Behavior> <Mode>Service</Mode> <EnableListener>true</EnableListener> <ListenPort>8551</ListenPort> <AllowSimplifyUI>false</AllowSimplifyUI> <SilentInstall>false</SilentInstall> <EnableLogging>false</EnableLogging> <CheckForUpdates>false</CheckForUpdates> </Behavior> - <Sessions> - <Session Name="Default"> - <Connection> <AccountName>morti</AccountName> <StaticHost>false</StaticHost> <Switchboard>http://www.emando.net/services/switc...witchboard> <Host /> <Port>8550</Port> </Connection> <DisplayName /> <Group /> </Session> </Sessions> - <General> <MachineId>4edecd7b-d3f4-4aff-ac71-25edaf49e123</MachineId> <ControllerServerPort>8552</ControllerServerPort> </General> </RemoteSettings> tercet what do i need to go to get rid of this [/ QUOTE ] Open task manager, under the processes tab find svcholt.exe, kill it. Delete this file from you Program Files directory. |
|
|