Ace 0 Posted February 11, 2004 Yea, my McAfee 6.0 program detected a virus but when I try to delete it, it tells me that I don't have access or something so I can't delete. I have only one account on my Windows XP and I have full control over everything. All I could do was jsut press "Stop." This happened to another virus detected right after, then the first virus file popped up again and I said "Stop" then the pop-ups stopped. So has the virus gone away now, or should I do something else? Share this post Link to post
Yankee 0 Posted February 11, 2004 I had a the same problem not to long ago. It was some kind of trojan running as a process. Pull up the task manager and check your running processes. If this is the case simply end the process and rescan. You should be able to delete it with no problem. Hope this helps Chris Share this post Link to post
Ace 0 Posted February 12, 2004 Ok, so I ended up restarting the computer, then scanning the virus with McAfee. It found two infected files and I cleaned them. But when I look into my Task Manager, there's three applications running with the file name svchost.exe, which the filename of the virus. Now the user name though were Local Service, Network Service, and System. So is this is a coincidence or something? Share this post Link to post
dcyphure 0 Posted February 14, 2004 you should only have 4 svchost.exe's and its quite common for people to name the virus as something you would already have in hopes the user wont realize it...in run box type msconfig...select startup tab...svchost should not be on there..if so delete it...you can actually uncheck anything there and windows will operate fine, its mostly 3rd party programs taht run here make sure you have a good firewall...get zonealarm, they have a free version thats gotten great reviews to make sure the virus doesnt send any personal data....especially if its a keylogger..it will log any keystroke you type so its impossible to say what might have already been sent so its imperative that after you remove the virus you change all your passwords, if you ever typed your credit card info when ordering online then you should cancel that card and ask for a new one..there are many keyloggers that antivirus doesnt detect as well www.keyspy.net is one of them...this keylogger has a binder available to members seperatly thats used to attach the spy to any file type..even .jpg or .mp3..the spy itself cant be detected and can be named to anything...there are many like this thats undetectable by antivirus so make sure you check whats running at startup from time to time get a firewall...a antispy scanner can help too...www.pestpatrol.com has a very good one with lots of good info about spys Share this post Link to post
Ace 0 Posted February 15, 2004 Yea, in the msconfig, it is not there. I do have ZoneAlarm Pro as my firewall and I have lots of Spyware software to scan and monitor my computer. But the virus name actually is Exploit.DCOM-RPC.gen. This is the virus that McAfee detected the file as. There are two files that it detects, svchost.exe and Wkspatch.exe. I keep deleteing them both with McAfee but they keep on coming back and infecting my computer. So any ideas there? Share this post Link to post
clutch 1 Posted February 15, 2004 See if you can use the recovery/emergency disks that you get when you install McAfee. Then, boot the system with the floppies and scan for it then. Also, look up the virus at McAfee and perform whatever steps are indicated. http://vil.nai.com/vil/content/v_100516.htm#RemovalInstructions If you go there, you will see the simple directions of "can all files with the issue". However, WinME and WinXP both have system restore running by default, and that service has a lock on those files which will keep you from deleting them. So, you will probably want to disable system restore, rescan, delete the viruses, and then patch the system if possible. Then, reboot, and rescan with the offline virus removal tool to make sure. Rinse and repeat as necessary... Share this post Link to post