• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos0

svñhîst.exe

When I boot a MS Windows XP PC, goes to a grey screen after briefly displaying Desktop. Going to Task Manager, can see the svnhist.exe running, but only a flash. Can't find reference to this *.exe on reputable Antivirus sites like Nortons.

Have tried to download the Norton Bootable Recovery Tool aafter logging in with my Nortons account details, but there is an error early on. This download is from my MS Vista PC.

Can anyone assist in removing this Trojan/Virus from the Windows XP 32 bit PC ?

labman

Replies

Kudos0

Re: svñhîst.exe

I believe the cause of failing to downlod NRBT was a busy and slow ISP/site.....sorry about that, but useful to know! Very sensitive...

Downloaded latest Norton Rescue Boot Tool, booted from USB on infected Windows Pc and run scan.

The tool seemed to freeze after a couple of hours (700,000 files) of scanning, on the following file:

C:\documents and settings\all users\application data\nortoninstaller\settings\norton 360\n360_norton\product\settingsmigration\setmigr.dat

Never did find the virus\trojan. May just haved to format and reload Windows XP.

By the way, 2 other bootable tools from major antivirus solution providers failed to fix problem.

Kudos0

Re: svñhîst.exe

Well don't follow instructions and nothing I can do.

User knows better

Quads

Kudos0

Re: svñhîst.exe

Thanks Quads. But I had to follow boss's instructions .....working for the man !

Kudos0

Re: svñhîst.exe

A Tip,

There is no point asking for help, if you will not follow any instruction, or are following someone else.

Quads

Kudos0

Re: svñhîst.exe

--Bootup Windows in safe mode (press F8 when booting up)

--When in safe mode: go run, and type: config, system configuration windows will open

--On system configuration, go to "Starup" tab

--Disable the Startup item of svñhîst.exe

For experience users: also disable/delete entry in registry to svñhîst.exe

Kudos0

Re: svñhîst.exe

hi, i just ran into this same issue on windows 7.  wierd grey screen appearing ~15sec after logon.  other things were still running in the background and I could alt tab to them and manipulate them for a split second before the grey screen took over again. could also view other windows with 'windows key + tab' and the ctrl-alt-del menu still worked as well.

svñhîst.exe was not found, the program running and generating grey screen was named this?

WGSDGSDGDSGSD.EXE was a hidden file in "C:\Users\*\"


Registry keys found in:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\svñhîst"
"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wgsdgsdgdsgsd_RASMANCS"
forgot to record the exact location of #3 but it was right next to #2


funny because msconfig listed svñhîst as being here (location had no trace):
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

i still have pacified backups of the virus files and registry entries, i'm not sure if there is somebody i should send these to in order to have them analyzed? anyway, i'm pretty sure i got all of it.  there was an F-1 entry having to do with userinit.ini that hijack this showed which may have been related but i just deleted that without recording anything about it.  i hope this helps!

EDIT: i may have the F-1 entry in a HJT log that i have saved, i can dig it up if it will be helpful.  i also have OTL logs if you'd like.

Kudos0

Re: svñhîst.exe

antigenesis  you need your own forum  and you are doing things on your own that you sould not be doing

Kudos0

Re: svñhîst.exe

When I boot a MS Windows XP PC, goes to a grey screen after briefly displaying Desktop. Going to Task Manager, can see the svnhist.exe running, but only a flash. Can't find reference to this *.exe on reputable Antivirus sites like Nortons.

Have tried to download the Norton Bootable Recovery Tool aafter logging in with my Nortons account details, but there is an error early on. This download is from my MS Vista PC.

Can anyone assist in removing this Trojan/Virus from the Windows XP 32 bit PC ?

labman

Kudos0

Re: svñhîst.exe

Wow, ok...  Here I thought I was being helpful, how silly of me. Not sure what you mean by "you need your own forum"...  

What exactly is so far out of my league that I shouldn't be doing on my own?  It seems like I solved the problem just fine w/o somebody holding my hand, I was just offering info and a sample to help you solve the problem.  I apologize.

Kudos1

Re: svñhîst.exe

Oh I see, I shouldn't have let that ruffle my feathers so much.  It only took going through a couple posts to see that David is a brash and abrasive idiot.  I'm not sure why you guys keep him around.  Anyway, I hope that info helps you guys some.  I'm off.

Kudos0

Re: svñhîst.exe

Download OTL http://www.bleepingcomputer.com/download/otl/   On to the Desktop

Disable Norton / Symantec for say 30mins 

Start OTL,  (Right click and from the menu choose "Rin as Administrator")

Click the Scan All Users checkbox.

Change file age to 90 days

Press the 

An OTL.txt  and extras.txt will be created. To attach back in a post

Quads

Replies are locked for this thread.