Tuesday, January 1, 2008

SCVHSOT.exe


We are using Symantec Corporate Edition Version 10.1

In one of the Windows 2003 Server machines, Registry editing, Task Manager and Folder Options are said to be disabled by Administrator. A new user with Administrative rights has been added. It is not possible to edit this user.

Symantec Scan done in normal and safe modes says there are no virus threats

This virus has possibly entered through a pen drive used a few days back. We found that auto protect is often disabled by this virus and had to be manually re-enabled

Since registry, task manager and folder options are blocked there is no way of using the regular manual clean up processes.

The error message "Registry Editing has been disabled by Administrator" appears as soon as the machine is booted or rebooted.

We have also run FixSflog.exe tool. The result says that this computer is not infected

From whatever little research we could do this virus is using 'AutoIt' script and uses a file called SCVHSOT.exe in windows\system32 folder which is not visible. We came to know about it because of an error message thrown up by 'AutoIt'

This virus has entered by disabling autoprotect after acquiring administrative rights of an 'Owner'

We have also identified another machine using Windows XP having the same problem.

Any help will be appreciated







Re: SCVHSOT.exe

I think you should really be leveraging support to deal with this issue; it is going to be highly likely they have seen this issue.
Re: SCVHSOT.exe

I had over 40 machines infected with this "virus". Since it disables everything, including the antivirus, here's a workaround.

First do this: run unhookexec.inf to enable the registry (it can be downloaded from Symantec).

1. Boot in Safe Mode with Command Prompt.
2. Go to your Windows folder and enter this command: ATTRIB
   You will usually find two files: autorun.ini -shr and scvhsot.exe shr
   Modify the attributes and remove the system, hidden and read-only attributes [attrib scvhsot.exe -s -h -r]
3. Now go to windows/system32 and do the same as step 2.
4. These files are also located on all root partitions/drives; repeat step 2.
5. Enter this command: regedit
6. Remove all related keys/strings:
   hklm>software>microsoft>windows>currentversion>run -----> remove items running scvhsot
   hkcu>software>microsoft>windows>currentversion>run -----> remove items running scvhsot
   hklm>software>microsoft>windowsnt>currentversion>winlogon -----> modify key shell (it must be Explorer.exe only)
7. Restart.

Your registry editor, taskmanager, msconfig, and other administration tools should be working. Update your antivirus and run a full scan.
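To confirm that the registry locations named in step 6 are clean after the restart, the check below parses saved `reg query` output and flags what the reply says to fix. It is an added example, not part of the original thread or any Symantec tool; the sample text, the value name ExampleEntry and the function name `audit` are constructed for illustration.

```python
import re

# Autostart locations named in the reply above (lower-cased for comparison).
RUN_KEYS = (
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
)
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s*(.*)$")  # name, type, data

# Constructed sample of `reg query` output; value names and paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleEntry    REG_SZ    C:\WINDOWS\system32\scvhsot.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe scvhsot.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
"""

def audit(reg_text, marker="scvhsot"):
    """Return (key, value name, data, reason) for each entry the reply says to fix."""
    findings, key = [], None
    for line in reg_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1), m.group(3).strip()
        k = key.lower()
        if k in RUN_KEYS and marker in data.lower():
            findings.append((key, name, data, "Run entry launches " + marker))
        elif k == WINLOGON and name.lower() == "shell" and data.lower() != "explorer.exe":
            findings.append((key, name, data, "Shell must be Explorer.exe only"))
    return findings

if __name__ == "__main__":
    for key, name, data, reason in audit(SAMPLE):
        print(f"{reason}: {key} -> {name} = {data}")
```

Feed it the text saved from `reg query` on each of the three keys; an empty result means none of the entries described in the reply remain.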



How to remove the auto run option in a pen drive


Open Notepad and save empty content with the file name "autorun.inf", changing "Save as type" to "All files". Copy the autorun.inf file to ur thumb drive. If it asks to overwrite, then overwrite.

Saturday, November 10, 2007

HOME , FREE 4 u


These are few cool tips for ur sys just enjoy



What to do when ur PC gets Infected !!

If your computer gets infected by a Trojan or virus, or someone connects to your comp., then this tutorial is for u:

In Windows XP:

1. Go to Start > Run > type: cmd
   In the Command Prompt window type: netstat -ano
   Now see if someone connects to your PC (computer); you will see an ESTABLISHED text with IP & PID.
   Now, suppose my PC gets hacked & someone connects to my PC, e.g. 86.144.192.236:50103 ESTABLISHED 2924
2. Then go to Task Manager (CTRL + ALT + DEL).
   Click on View > Select Columns... > select PID (Process Identifier).
   Now kill PID 2924 (in my case it's a Yahoo Messenger process).
   Now u are disconnected from that hacker or Trojan.
   Now run ur Trojan scanners & anti-virus & clean ur PC.

Note: sometimes Trojans get PID of system.
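The same lookup done by script instead of by eye: the added example below (not from the original post) joins saved `netstat -ano` output to `tasklist /fo csv /nh` output, so every ESTABLISHED connection is listed with its process name. Only the 86.144.192.236:50103 / PID 2924 row comes from the tip; the other rows, the image names and the function names are constructed.

```python
import csv, io, ipaddress

# Constructed `netstat -ano` sample; only the 86.144.192.236:50103 / PID 2924
# row comes from the tip above, every other row is made up.
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       936
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     1712
  TCP    192.168.1.10:1040      86.144.192.236:50103   ESTABLISHED     2924
  TCP    192.168.1.10:139       192.168.1.20:1055      ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed `tasklist /fo csv /nh` sample (image names are assumptions).
TASKLIST = '''\
"System","4","Console","0","236 K"
"svchost.exe","936","Console","0","4,120 K"
"YahooMessenger.exe","2924","Console","0","18,404 K"
'''

def established(netstat_text):
    """Yield (remote, pid) for each ESTABLISHED TCP row."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            yield f[2], int(f[4])

def triage(netstat_text, tasklist_csv):
    """Join connections to process names; skip loopback, mark public peers."""
    names = {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) > 1}
    rows = []
    for remote, pid in established(netstat_text):
        ip = ipaddress.ip_address(remote.rsplit(":", 1)[0].strip("[]").split("%")[0])
        if ip.is_loopback:
            continue                      # local IPC, no remote peer
        image = names.get(pid, "<not in tasklist>")
        rows.append({"remote": remote, "pid": pid, "image": image,
                     "public_peer": not ip.is_private,
                     # System (PID 4) or a PID missing from tasklist:
                     # investigate rather than end the process
                     "needs_review": image in ("System", "<not in tasklist>")})
    return rows

if __name__ == "__main__":
    for r in triage(NETSTAT, TASKLIST):
        print(r)
```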


Open Every File With Notepad:


Go to Run.

Type Regedit and press Enter.

Then go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\Shell

Create a new key named "notepad" and set its default value to be "Open With Notepad".

Now under "notepad", add a key "Command" and set its default value to be (with the quotes):

"C:\Windows\System32\Notepad.exe" "%1"

OK, now exit regedit and right-click on ANY file...

Your new option, Open with Notepad, will appear there.


Change Text on XP Start button:

Now that the modified explorer.exe has been created it’s necessary to modify the registry so the file will be recognized when the user logs on to the system. If you don’t know how to access the registry I’m not sure this article is for you, but just in case it’s a temporary memory lapse,

go to Start (soon to be something else)

Run and type "regedit" (without quotes) then press enter

Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon


In the right pane, double click the Shell entry to open the Edit String dialog box.

In Value data: line, enter the name that was used to save the modified explorer.exe file.

Click OK.
Close Registry Editor and either log off the system and log back in, or reboot the entire system if that’s your preference. If all went as planned you should see your new Start button with the revised text.


Set Video as ur Desktop Wallpaper

for that u need a VLC media player

take it from here http://www.videolan.org/vlc/download-windows.html


1: install it.

2: Run VLC media player

3: Go to Settings->preferences->Interface->Main interfaces,den click on wxWidgets

4: Remove de tick from "Taskbar" n put a tick on "Systray icon".

5: then go to Video->Output Modules->DirectX...

6: On the bottom right put a tick on advanced options check box.now u will see some options....Put a tick on "Enable Wallpaper Mode "

7: Den select playlist n put a tick on "Repeat current item"

8: Click on Save button.

9: Restart ur player

10: Den play any video u wud like to set as Wallpaper

11: Right click on de video and click on "Wallpaper".The video wud be set as ur wallpaper!!!!
Thats it !!!


For removing de wallpaper just close de player n u will get back ur original "wallpaper"


make ur Notepad a diary

Sometimes we want to insert the current date and time whenever we open a file in Notepad.

If you are a lazy person like me, who doesn't like to press F5 whenever you open Notepad, then here is a trick to avoid this.

Just add .LOG as the first line of your text file and close it.

Whenever you open the file with that text in the first line in Notepad, it will insert the current date and time at the end of the file. You can start entering your text after that.