I had over 40 machines infected with this "virus". Since it disables everything, including the antivirus, here's a workaround.
First do this: run unhookexec.inf to enable the registry (can be downloaded from Symantec).
1. Boot in Safe mode with command prompt.
2. Go to your Windows folder and enter this command: ATTRIB
You will usually find two files: autorun.ini -shr and scvhsot.exe shr
Modify the attributes and remove the system, hidden and read-only attributes [attrib scvhsot.exe -s -h -r]
3. Now go to windows/system32 and do the same as step 2.
4. These files are also located on all root partitions/drives; repeat step 2.
5. Enter this command: regedit
6. Remove all related keys/strings:
hklm>software>microsoft>windows>currentversion>run -----> remove items running scvhsot
hkcu>software>microsoft>windows>currentversion>run------> remove items running scvhsot
hklm>software>microsoft>windowsnt>currentversion>winlogon -----> modify key shell (it must be Explorer.exe only)
7. Restart
Your registry editor, Task Manager, msconfig, and other administration tools should be working. Update your antivirus and run a full scan.
Message Edited by dexmax on 12-06-2007 01:08 AM
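A read-only check of the locations listed in steps 2 to 6, for confirming the cleanup on each machine. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later and uses the file names exactly as the post spells them.

```powershell
# Added example: read-only audit of the locations named in the post.
# Nothing is deleted or modified; file names are copied from the post as written.
$names = 'scvhsot.exe', 'autorun.ini'

# Steps 2-4: Windows folder, system32, and the root of every file-system drive.
$dirs = @($env:windir, (Join-Path $env:windir 'system32'))
$dirs += Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root } | Where-Object { $_ }

$findings = @()
foreach ($dir in $dirs) {
    foreach ($name in $names) {
        # -Force lets Get-Item see files carrying the system and hidden attributes.
        $item = Get-Item -LiteralPath (Join-Path $dir $name) -Force -ErrorAction SilentlyContinue
        if ($item) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $item.FullName; Detail = "$($item.Attributes)" }
        }
    }
}

# Step 6: Run values in HKLM and HKCU that reference the executable.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }   # metadata added by the registry provider
        if ("$($p.Value)" -match 'scvhsot') {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$key\$($p.Name)"; Detail = "$($p.Value)" }
        }
    }
}

# Step 6, Winlogon: the post says Shell must be Explorer.exe only.
# The key's real name is "Windows NT" (with a space).
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ine 'explorer.exe') {
    $findings += [pscustomobject]@{ Type = 'WinlogonShell'; Location = "$winlogon\Shell"; Detail = $shell }
}

if ($findings.Count -eq 0) {
    'No matching files or registry values found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```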