Virus Via LAN -- svohosta.exe Urgent

[TheBroker]

just formatted my system and got a virus via lan svchosta.exe .not being deleted with NAV(dnt ask me why i am still using it),not bending with taksmanager.........wht to do.......all kinds of linkz and help appreciated......no time 2 format this message

EDIT:Also noticed blocking access to antivirus sites ......symantec.com kaspersky.com and the likes

 

[blaster]

Use a good firewall , I use ZoneAlarm free version.
Once i shutdown firewall , i get virus within 5 seconds , so i recomend ZA , many others are available like Mcafee personal firewall , Norton internet security etc etc

 

[Crazy_Eddy]

I'm guessing this is what you have:
http://www.sophos.com/virusinfo/analyses/trojsnifferi.html

1. Try rebooting in Safe mode and check for the offending key under :
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

HKLM = HKEY_LOCAL_MACHINE
HKCU = HKEY_CURRENT_USER.
Delete the rogue entries (but be careful what you delete).

2. Alternatively, download Hijackthis and try fixing the entries under section "04:".
http://www.richardthelionhearted.com/~merijn/downloads.html

3. Try using an Anti-spyware tool like AdAware or Spybot S&D.

 

[TheBroker]

The virus name is w32.hllw.gaobot ..its running in the background and not stopping with takmanager.........can any tweaking of the registery do (not in safe mode).........answers answers i need 'em quick

EDIT:removed all instances of svchosta in registry

also the s/w from the first link is of no use.........have 2 pay for using it

ANOTHER EDIT:stopped svchosta with a program called ultimate troubleshooter but when went 2 find the file and delete/quarantine it not found:O:O:O

 

[Blade_Runner]

Freekill refer these links

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.removal.tool.html

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.uj.removal.tool.html

 

[TheBroker]

@blade I think the virus got removed .......but thanks for the tool will come handy later hyeah:hyeah:

Thanks Dude.