Not what you were looking for? Ask our experts!
Reply
Visitor
labman
Posts: 3
Registered: ‎11-17-2012

svñhîst.exe

When I boot a MS Windows XP PC, goes to a grey screen after briefly displaying Desktop. Going to Task Manager, can see the svnhist.exe running, but only a flash. Can't find reference to this *.exe on reputable Antivirus sites like Nortons.

 

Have tried to download the Norton Bootable Recovery Tool aafter logging in with my Nortons account details, but there is an error early on. This download is from my MS Vista PC.

 

Can anyone assist in removing this Trojan/Virus from the Windows XP 32 bit PC ?

 

labman

Bot Obliterator
Quads
Posts: 16,529
Registered: ‎07-21-2008

Re: svñhîst.exe

Download OTL http://www.bleepingcomputer.com/download/otl/   On to the Desktop

 

Disable Norton / Symantec for say 30mins 

 

Start OTL,  (Right click and from the menu choose "Rin as Administrator")

Click the Scan All Users checkbox.

Change file age to 90 days

 

Press the 

 

 

An OTL.txt  and extras.txt will be created. To attach back in a post

 

Quads

Visitor
labman
Posts: 3
Registered: ‎11-17-2012

Re: svñhîst.exe

I believe the cause of failing to downlod NRBT was a busy and slow ISP/site.....sorry about that, but useful to know! Very sensitive...

 

Downloaded latest Norton Rescue Boot Tool, booted from USB on infected Windows Pc and run scan.

 

The tool seemed to freeze after a couple of hours (700,000 files) of scanning, on the following file:

 

C:\documents and settings\all users\application data\nortoninstaller\settings\norton 360\n360_norton\product\settingsmigration\setmigr.dat

 

Never did find the virus\trojan. May just haved to format and reload Windows XP.

 

By the way, 2 other bootable tools from major antivirus solution providers failed to fix problem.

 

 

 

 

 

 

 

 

 

Bot Obliterator
Quads
Posts: 16,529
Registered: ‎07-21-2008

Re: svñhîst.exe

Well don't follow instructions and nothing I can do.

 

User knows better

 

Quads

Visitor
labman
Posts: 3
Registered: ‎11-17-2012

Re: svñhîst.exe

Thanks Quads. But I had to follow boss's instructions .....working for the man !

Bot Obliterator
Quads
Posts: 16,529
Registered: ‎07-21-2008

Re: svñhîst.exe

A Tip,

 

There is no point asking for help, if you will not follow any instruction, or are following someone else.

 

Quads

Newbie
hppirate
Posts: 1
Registered: ‎11-30-2012

Re: svñhîst.exe

--Bootup Windows in safe mode (press F8 when booting up)

--When in safe mode: go run, and type: config, system configuration windows will open

--On system configuration, go to "Starup" tab

--Disable the Startup item of svñhîst.exe

 

For experience users: also disable/delete entry in registry to svñhîst.exe

Visitor
antigenesis
Posts: 4
Registered: ‎12-03-2012

Re: svñhîst.exe

[ Edited ]

hi, i just ran into this same issue on windows 7.  wierd grey screen appearing ~15sec after logon.  other things were still running in the background and I could alt tab to them and manipulate them for a split second before the grey screen took over again. could also view other windows with 'windows key + tab' and the ctrl-alt-del menu still worked as well.

 

svñhîst.exe was not found, the program running and generating grey screen was named this?

WGSDGSDGDSGSD.EXE was a hidden file in "C:\Users\*\"


Registry keys found in:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\svñhîst"
"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\wgsdgsdgdsgsd_RASMANCS"
forgot to record the exact location of #3 but it was right next to #2


funny because msconfig listed svñhîst as being here (location had no trace):
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

 

 

i still have pacified backups of the virus files and registry entries, i'm not sure if there is somebody i should send these to in order to have them analyzed? anyway, i'm pretty sure i got all of it.  there was an F-1 entry having to do with userinit.ini that hijack this showed which may have been related but i just deleted that without recording anything about it.  i hope this helps!

 

EDIT: i may have the F-1 entry in a HJT log that i have saved, i can dig it up if it will be helpful.  i also have OTL logs if you'd like.

 

DavidThomas88
Posts: 885
Topics: 133
Kudos: 51
Solutions: 20
Registered: ‎12-21-2010

Re: svñhîst.exe

antigenesis  you need your own forum  and you are doing things on your own that you sould not be doing

Visitor
antigenesis
Posts: 4
Registered: ‎12-03-2012

Re: svñhîst.exe

Wow, ok...  Here I thought I was being helpful, how silly of me. Not sure what you mean by "you need your own forum"...  

 

What exactly is so far out of my league that I shouldn't be doing on my own?  It seems like I solved the problem just fine w/o somebody holding my hand, I was just offering info and a sample to help you solve the problem.  I apologize.