Hello good Ppl.
resantly i have this proplem, about every 20 min ihave this popup (no matter what i`m doing) it says, "svchost.exe-no disk" and asking me to press or cancel, try agine, continue, if i push ithere of them it`s disapiring but then after 20 min+- it`s there agine.
pls help if u jnow what to do!
thnkx

Hi Rufus,

Possible malware. Please can you follow PCHF Prework on my signature, and post you HJT log back here. A member of security will analyse your log shortly after.

> Transferred to HJT Forum.

i`m sorry, bit can u be more specific?
i have no idia what you are talking about
what i need to send and where and how i get it?
thnkx

Hi rufus...in our signitures (after this message here) You will see a word "Prework"

Please click on it (it's a link) and follow all the instructions very carefully on that site.

hi here is the log file i`m waiting for youre sagestion`s
thankx.

Attached Files

hijackthis.log (4.2 KB, 1 views)

Hello.

Please run HijackThis and place a checkmark by the following entries:
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Raf\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe


Close all other windwos except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

1. Please download the Killbox.
2. Unzip it to the desktop but do NOT run it yet.
3. Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
4. Once in Safe Mode, please run Killbox.
5. Click "Delete on Reboot".
6. Paste the following into the top "Full Path of File to Delete" box.
   • C:\Documents and Settings\Raf\LOCAL SETTINGS\Temp\svchost.exe
7. Click the red-and-white "Delete File".
8. Click "Yes" at the Delete on Reboot prompt.
9. Click "No" at the Pending Operations prompt.

Please then go to Online malware scan , click on Browse, and upload the following file for analysis:

C:\Program Files\System32\svchost.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see, along with a new HijackThis log.

Scan taken on 07 Jan 2007 12:14:21 (GMT) AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:007SpySoft
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found Possibly a new variant of W32/VB-EMU:VB-Backdoor-HRS-based!Maximus
F-Secure Anti-Virus Found not-a-virus:Monitor.Win32.007SpySoft.341 (6, 2, 604)
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:Monitor.Win32.007SpySoft.341
NOD32 Found a variant of Win32/Spy.007 Spy application
Norman Virus Control Found W32/007Spy.H
VirusBuster Found nothing
VBA32 Found nothing