11-17-2012 02:26 PM
When I boot a MS Windows XP PC, goes to a grey screen after briefly displaying Desktop. Going to Task Manager, can see the svnhist.exe running, but only a flash. Can't find reference to this *.exe on reputable Antivirus sites like Nortons.
Have tried to download the Norton Bootable Recovery Tool aafter logging in with my Nortons account details, but there is an error early on. This download is from my MS Vista PC.
Can anyone assist in removing this Trojan/Virus from the Windows XP 32 bit PC ?
11-17-2012 07:10 PM
Download OTL http://www.bleepingcomputer.com/download/otl/ On to the Desktop
Disable Norton / Symantec for say 30mins
Start OTL, (Right click and from the menu choose "Rin as Administrator")
Click the Scan All Users checkbox.
Change file age to 90 days
An OTL.txt and extras.txt will be created. To attach back in a post
11-18-2012 03:32 AM
I believe the cause of failing to downlod NRBT was a busy and slow ISP/site.....sorry about that, but useful to know! Very sensitive...
Downloaded latest Norton Rescue Boot Tool, booted from USB on infected Windows Pc and run scan.
The tool seemed to freeze after a couple of hours (700,000 files) of scanning, on the following file:
C:\documents and settings\all users\application data\nortoninstaller\settings\norton 360\n360_norton\product\settingsmigration\setmigr.
Never did find the virus\trojan. May just haved to format and reload Windows XP.
By the way, 2 other bootable tools from major antivirus solution providers failed to fix problem.
11-30-2012 10:35 PM
--Bootup Windows in safe mode (press F8 when booting up)
--When in safe mode: go run, and type: config, system configuration windows will open
--On system configuration, go to "Starup" tab
--Disable the Startup item of svñhîst.exe
For experience users: also disable/delete entry in registry to svñhîst.exe
12-03-2012 04:13 PM - edited 12-03-2012 04:20 PM
hi, i just ran into this same issue on windows 7. wierd grey screen appearing ~15sec after logon. other things were still running in the background and I could alt tab to them and manipulate them for a split second before the grey screen took over again. could also view other windows with 'windows key + tab' and the ctrl-alt-del menu still worked as well.
svñhîst.exe was not found, the program running and generating grey screen was named this?
WGSDGSDGDSGSD.EXE was a hidden file in "C:\Users\*\"
Registry keys found in:
forgot to record the exact location of #3 but it was right next to #2
funny because msconfig listed svñhîst as being here (location had no trace):
i still have pacified backups of the virus files and registry entries, i'm not sure if there is somebody i should send these to in order to have them analyzed? anyway, i'm pretty sure i got all of it. there was an F-1 entry having to do with userinit.ini that hijack this showed which may have been related but i just deleted that without recording anything about it. i hope this helps!
EDIT: i may have the F-1 entry in a HJT log that i have saved, i can dig it up if it will be helpful. i also have OTL logs if you'd like.
12-04-2012 09:46 AM
Wow, ok... Here I thought I was being helpful, how silly of me. Not sure what you mean by "you need your own forum"...
What exactly is so far out of my league that I shouldn't be doing on my own? It seems like I solved the problem just fine w/o somebody holding my hand, I was just offering info and a sample to help you solve the problem. I apologize.