# Major virus hassles - Win32/hakaglan.G - SCVVHSOT.EXE folder



## computertechie (Jul 10, 2007)

Turned up at a client site this morning to fix a reported synchronisation problem.

A message came up to do with C:\Windows\system32\SCVVHSOT.EXE, so I could tell straight away it was a virus.

On 3 computers, one of them being their main "server" computer, it also has the following problems:
- Task Manager is greyed out
- Folder Options has vanished
- Can't run MSConfig
- Can't run regedit

Six hours later....and the customer paying by the hour....a few machines are still playing up.

Started off by doing a scan with AVG Pro, which cleaned up some stuff, then did a Spybot scan which cleaned up a bit more, but the problems remain.

Then loaded the 30-day trial for NOD32, which cleaned up over 1500 infiltrations on one of the computers. Many occurrences of Win32/hakaglan.G worm. But it still had the above problems.

Their "server" computer (XP) was still on 25% of the NOD scan when I left tonight and was already up to about 6500 infiltrations!

Has anyone else had this problem with SCVVHSOT.EXE or the mentioned virus before? Are there any removal tools which might do the job??


----------



## Nesjemannen (Nov 9, 2007)

1. Do your virus scans in Safe Mode.

2. Try this spyware tool (to get the most crap away):
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

After fully scanning your computer in Safe Mode (cut the virus' "air supply"),
post a HijackThis log in the Malware and HJT forum.

And yea - It is a virus, or actually a worm - the W32/SillyFDC-AE
____

Good Luck!


----------



## bearone2 (Jun 4, 2004)

computertechie said:


> Turned up at a client site this morning to fix a reported synchronisation problem.
> 
> A message came up to do with C:\Windows\system32\SCVVHSOT.EXE, so I could tell straight away it was a virus.
> 
> ...


you charge a client by the hour and do an online virus scan, great service to the customer.

it's easier to prevent the virus as opposed to eliminating it after the fact but then you're paid by the hour.


----------



## computertechie (Jul 10, 2007)

Paid by the hour, but sadly straight to the boss not me :-( Plus I'd rather get that sort of job done within 3 hours or so and not take the stress home with me (It's nearly 11pm now).

I looked up this link on the Sophos web site:
http://www.sophos.com/security/analyses/w32sillyfdcae.html
But it's a bit of a ******* when you can't get into regedit to delete the offending keys :-( Think that's the first time I've seen a virus disable Task Manager. If only I could get into Task Manager and regedit, I'd be ok.

I'll tell the customer to try out that Free Superantispyware package - they'll try and do as much as they can themselves to keep support costs down.

Is that package likely to remove that virus?


----------



## bearone2 (Jun 4, 2004)

i doubt it.

if it's a client/more than one machine, why hasn't someone suggested an onboard virus protection system, free or $$$$.

anti spyware isn't virus protection.


----------



## Nesjemannen (Nov 9, 2007)

I know Antispyware isn't virus protection - But it will help take the most crap away.

And he/she should already have a virus scanner of some kind.


----------



## bearone2 (Jun 4, 2004)

you're dreaming.

maybe not unless you, the tech folks mentioned it.
you said the client wanted to keep $$$ down.

you did an avg scan, then a 30 day nod32 install, so it doesn't sound like any av protection was installed and why the system got hosed.


----------



## computertechie (Jul 10, 2007)

AVG Pro has been in place there for ages. It failed.

Think the offender was the person in the office running Kazaa!

We left it running NOD32 scans last night in normal mode. Then I told the client to run it in Safe Mode.

They can now access Task Manager, MSConfig and regedit.

Have pointed them to that Sophos link and told them what registry keys to delete.


----------



## bearone2 (Jun 4, 2004)

if they delete enuff registry stuff, you can come back for another 6 hour payday.


----------

