Question:
How to remove New Folder.exe, SSVICHOSST.exe virus ?
sankar4you2
2007-11-12 23:06:55 UTC
we are using windows xp pro sp2, Norton corporate edition 10.1 with latest definitions. Some of our systems are infected with New Folder.exe, SSVICHOSST.exe virus / Warm. When we insert a removable disk it creates 2 files / folders New Folder.exe, SSVICHOSST.exe by its own. It looks like a folder. It is also creating a .exe file in each subfolders with the folder name. My current antivirus is not finding the virus. avast is saying this as w32.sohanand-O [Wrm] and deleting these files but this is not protecting the system. we are unable to open task manager, cmd, msconfig, regedit. Please help us...
Thanks in advance.
Five answers:
anonymous
2007-11-12 23:28:21 UTC
SSVICHOSST.EXE can also use the following file names:



* 34340538.EXE

* BUZZ(27_5_07)BANO.EXE

* SRC.EXE

* CLASSES.EXE

* BUZZ.EXE

* BAK.EXE

* NEW FOLDER.EXE

* PROJECT.EXE

* REAL PLAYER.EXE

* FINALIZED.EXE

* WINDOWS MEDIA PLAYER 10.EXE

* SHOAIB DOC.EXE

* HIKA NEW BORN.EXE

* AWA WED.EXE

* HOME PIC.EXE

* SULE.EXE

* RED ERATHE SWATCH.EXE

* HAROON.EXE

* MAJU CONVICATION.EXE

* MAJU.EXE

* CARS.EXE

* PICTURE.EXE

* NEW FOLDER (8).EXE

* NEW FOLDER (12).EXE

* APPLICATION DATA.EXE

* SIS SD.EXE

* FONT.EXE

* F-TEC.EXE

* FORMATS.EXE

* FLASH.EXE

http://www.prevx.com/filenames/3252553405837432172-X1/SSVICHOSST.EXE.html



Filename:

New Folder.exe



Related to:

W32.SillyFDC

W32.Imaut.AA

W32.Svich

http://www.symantec.com/security_response/writeup.jsp?docid=2006-071111-0646-99&tabid=2

http://www.symantec.com/security_response/writeup.jsp?docid=2007-060717-3202-99&tabid=2

http://www.symantec.com/security_response/writeup.jsp?docid=2007-062911-2859-99&tabid=2
Justin
2016-08-24 11:32:16 UTC
2
gyromild
2007-11-13 00:48:48 UTC
More and more worm/viruses are using this barricading trick (disable task manager, cmd, msconfig, regedit)



The only way to clean the threat is to do it manually. The most important step is to regain regedit (ability to edit registry)



Option 1:

Go to Run, type gpedit.msc.

Goto User Configuration > Administration > Administrative Templates > System > Prevent Access To Registry Editing Tools = Disable



Option 2:

Download unhook.inf from Symantec. Install it.



Once you have regained registry, you can reverse the changes being made:

Refer to the sophos site under advance for the complete registry key list:

http://www.sophos.com/security/analyses/w32sohanap.html



Once you are sure everything have been removed, reboot



Finally do a system scan just to be sure.



All the best.
The Mad Doctor ™
2007-11-12 23:40:55 UTC
First do a virus scan from the Norton Website. http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Click on go and then select virus scan. Let it scan the PC and if it finds anything write it down and then go to http://www.symantec.com/business/security_response/removaltools.jsp to find the removal tool. Run the tool to remove the problem.



If you do find something, after you've cleaned your system, uninstall and reinstall and update your Antivirus protection. It may have been compromised.



Additional Information on your problem:

https://answersrip.com/question/index?qid=20070619001550AAVjYd1



http://www.google.com/search?as_q=&hl=en&num=10&btnG=Google+Search&as_epq=SSVICHOSST.exe+&as_oq=&as_eq=&lr=&cr=&as_ft=i&as_filetype=&as_qdr=all&as_nlo=&as_nhi=&as_occt=any&as_dt=i&as_sitesearch=&as_rights=&safe=images



http://www.google.com/search?as_q=&hl=en&num=10&btnG=Google+Search&as_epq=New+Folder.exe&as_oq=&as_eq=&lr=&cr=&as_ft=i&as_filetype=&as_qdr=all&as_nlo=&as_nhi=&as_occt=any&as_dt=i&as_sitesearch=&as_rights=&safe=images



Good Luck,



TMD
anonymous
2014-08-31 03:56:55 UTC
CCleaner is the best tool on the market to clean up your pc. Download here http://j.mp/UrAJA4


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...