SIOLOON FUN CLUB
Please log in or register before viewing the unlimited contents of this forum.
Thank you for visiting our website.

by aLFFiaN.
attack by RVHOST.EXE virus Facebo10
SIOLOON FC on Facebook
LIKE or UNLIKE
SIOLOON FUN CLUB
Please log in or register before viewing the unlimited contents of this forum.
Thank you for visiting our website.

by aLFFiaN.
attack by RVHOST.EXE virus Facebo10
SIOLOON FC on Facebook
LIKE or UNLIKE
SIOLOON FUN CLUB
Would you like to react to this message? Create an account in a few clicks or log in to continue.

SIOLOON FUN CLUB

border=0
 
HomePortalGalleryLatest imagesSearchRegisterLog in

Share | 
 

 attack by RVHOST.EXE virus

View previous topic View next topic Go down 
AuthorMessage
kittycool
FRESHIE
FRESHIE
kittycool

Male
Countries/State : Sabah
Age : 42
location : Kota kinabalu
Points : 12834
Reputation : 0
Number of posts : 3

attack by RVHOST.EXE virus Empty
PostSubject: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime19/7/2007, 10:40 am

Solution:
=========
Go to Control Panel
Doubleclick System
In System Properties window, click System Restore tab
Check Turn off System Restore
Click OK

Follow these steps to completely remove this worm:
==================================================
1-Start>RUN
2-Type CMD
3-In CMD,type Taskkill /T /IM "RVHOST.EXE"
4-Then open a Notepad Start>RUn, type NOtepad
5-In notepad paste these lines below

On Error Resume Next
Set shl = CreateObject("WScript.Shell")
Set fso = CreateObject("scripting.FileSystemObject")
shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
shl.RegDelete

6-Save the notepad as "Enable.VBS"
(Note: the quoatation mark "..." must be included if not the file will be saved as normal text file)
7-Double click Enable.VBS
8-Now Start>Run. type Regedit and press enter

Before start editing the registry remember to export it.
Go to File, Export...
In the Export Registry File windows, select all for Export range.
Type any relevance name (for example: BeforeModifyingReg) and click Save.
The normal path for Save in is OK but if you want to change it that fine.
(Note: Remember to select All for Export range)

9-Do the following changes in Registy

In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Yahoo Messengger = "%System%\RVHOST.exe"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)

Still in Registry Editor, in the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer
In the right panel, locate and delete the entry:
NofolderOptions = "1"

Still in Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon
In the right panel, locate the entry:
Shell = "Explorer.exe RVHOST.exe"
Right-click on the value name and choose Modify. Change the value data of this entry to:
Explorer.exe

Still in Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>Schedule
In the right panel, locate the entry:
NextAtJobId = "2"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
Close Registry Editor.

Deleting the Malware File(s)
============================
First of all, do 3 settings in folder option:
1. enable show hidden files and folders
2. disable hide extensions for known file types
3. disable hide protected operating system files

Then, right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the name input box, type AT1.JOB
In the Look In drop-down list, select My Computer, then press Enter.
Once located, select the file then press SHIFT+DELETE.

Do Disk Cleanup to empties Temporary Internet Files, Recycle Bin & Temporary files folders.

In Search, continue to search for other files:
RVHOST.exe
new folder.exe
(Note: when search for rvhost.exe and new folder.exe sometimes it will show results with extension .pf, delete these files as well.)

For best result search *.exe and delete every exe files that had icon looks like folder. Its icon looks a bit like a folder just a means to trick the user into doubleclick on it and got infected.

Removing RVHOST from flash drive
================================
IMPORTANT: Do not open flash drive even it pop up windows ask for what to do. Just cancel it.

Then, right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the name input box, type *.exe
In the Look In drop-down list, select %your flash drive%, then press Enter.
Once results were displayed, select all the files had icon looks like folder then press SHIFT+DELETE.
Back to top Go down
iealza
JUNIOR
JUNIOR


Male
Age : 43
location : kota kinabalu
Points : 12289
Reputation : 0
Number of posts : 155

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime15/1/2008, 10:17 am

ooo..tu mcm kaa..aku punya laptop pun kena ne..adididii...okie tq ging
Back to top Go down
eleanor
SUPERIOR
SUPERIOR


Male
Age : 47
location : sabah
Points : 12305
Reputation : 0
Number of posts : 2620

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime15/1/2008, 11:55 am

hehhe ini mesti pasal trojan punye kerja.... bila pakai kaspersky terus dia deteck dan dilit itu file dlm sistem win32.....

bila suda clean windows pun disply rvhost dlm dialog box....

kurang asam tu virus kan.....
Back to top Go down
eleanor
SUPERIOR
SUPERIOR


Male
Age : 47
location : sabah
Points : 12305
Reputation : 0
Number of posts : 2620

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime15/1/2008, 11:57 am

ada yang paling senang... intall balik jak tu windows.... What a Face
Back to top Go down
iealza
JUNIOR
JUNIOR


Male
Age : 43
location : kota kinabalu
Points : 12289
Reputation : 0
Number of posts : 155

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime17/1/2008, 2:29 pm

uiksss eleanor...ko ada kasperskyka...bule bg kat aku..free donlod pnya bah..mls mo main byr2 ne...adididi..tulun dl aaa..hihiih
Back to top Go down
eleanor
SUPERIOR
SUPERIOR


Male
Age : 47
location : sabah
Points : 12305
Reputation : 0
Number of posts : 2620

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime17/1/2008, 2:33 pm

oiiiii buli bah kalau ko.... aku kasi terus dgn lesen nya mau kah supaya KIS tu jadi original......... tapi jgn bising2 sebab itu key nya sudah kena hack.... hehehehe
Back to top Go down
eleanor
SUPERIOR
SUPERIOR


Male
Age : 47
location : sabah
Points : 12305
Reputation : 0
Number of posts : 2620

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime17/1/2008, 2:59 pm

mcm mana sia mo kasi ko....... ko ada yohoo mesenger kah kalau ada aku antar pakai tu jak.... k...

ko mau yang 7.0 kah atau 6.0
Back to top Go down
iealza
JUNIOR
JUNIOR


Male
Age : 43
location : kota kinabalu
Points : 12289
Reputation : 0
Number of posts : 155

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime19/1/2008, 6:26 pm

ada bah...nnti aku pm sm ko...mana2 ja tp apa beza 7.0 sm 6.0 aaa...ko jglah broo..hihihi
Back to top Go down
eleanor
SUPERIOR
SUPERIOR


Male
Age : 47
location : sabah
Points : 12305
Reputation : 0
Number of posts : 2620

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime22/1/2008, 9:34 am

7.0 latest punya yang 6.0 pun ok juga..... kedua2nya ok.... tapi bila install nie firewallnya tinggi jadi nanti ko adjust la kasi rendah nanati tak bolh masuk web itu dan ini...
Back to top Go down
iealza
JUNIOR
JUNIOR


Male
Age : 43
location : kota kinabalu
Points : 12289
Reputation : 0
Number of posts : 155

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime22/1/2008, 10:43 am

oooo itu mcm kaaa..oki3...tq bro Very Happy
Back to top Go down
vijay91hebat
SENIOR
SENIOR
vijay91hebat

Male
Countries/State : Kuala Lumpur
Age : 33
location : Labuan
Points : 12784
Reputation : 0
Number of posts : 649

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime25/1/2008, 6:57 pm

avg k ka????
Back to top Go down
eleanor
SUPERIOR
SUPERIOR


Male
Age : 47
location : sabah
Points : 12305
Reputation : 0
Number of posts : 2620

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime26/1/2008, 9:19 am

avg ok juga cuma avg nie main kasar ba.... sebab bila jumpa virus terus dia delete delete tu tak kisah tapi bila virus tu bersandar dgn file yg penting2 yg masih kita mau guna avg tak peduli semua tu.... dia delete jak.... yg penting virus hilang.... itu lah matlamatnya...
Back to top Go down
pakalolo9
JUNIOR
JUNIOR
pakalolo9

Male
Age : 38
location : KoTa BhArU SkRg / My Kg
Points : 12772
Reputation : 0
Number of posts : 199

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime14/2/2008, 1:03 am

Quote :
avg ok juga cuma avg nie main kasar ba.... sebab
bila jumpa virus terus dia delete delete tu tak kisah tapi bila virus
tu bersandar dgn file yg penting2 yg masih kita mau guna avg tak peduli
semua tu.... dia delete jak.... yg penting virus hilang.... itu lah
matlamatnya...
klau AVG xder la jugak auto delete x silap aku...biase kn dier tnyer dlu...
aku minat 2 jenis AV skrg...BITDEFENDER N KASPERSKY....
dlu mnat gak AVG...sbb dier pon ok....lps tue hack ke avg pro....mmg protecton dier leh tahan gak....skrg dh pkai kasperky... Very Happy
Back to top Go down
http://www.myspace.com/pakalolo9
madperak
OBSERVER
OBSERVER
madperak

Male
Countries/State : Johor
location : penang 'n' perak
Points : 12861
Reputation : 2
Number of posts : 351

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime14/2/2008, 2:46 am

Aku, kalo kena menatang nie, aku guna flash killer jer. Abis citer, xpenin kapla,
kohkohkoh
guna kill flash, pastu restart abih citer.
Back to top Go down
eleanor
SUPERIOR
SUPERIOR


Male
Age : 47
location : sabah
Points : 12305
Reputation : 0
Number of posts : 2620

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime14/2/2008, 8:58 am

ya betullllllllll.... memang ada byk cara...... ada cepat ada lambat ada panjang ada pendek.... dlm dunia IT nie yg cepat, pendek dan eficient adalah lebih baik......
Back to top Go down
pakalolo9
JUNIOR
JUNIOR
pakalolo9

Male
Age : 38
location : KoTa BhArU SkRg / My Kg
Points : 12772
Reputation : 0
Number of posts : 199

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime14/2/2008, 12:59 pm

klau virus nie, korang leh gak pkai av tambahan sperti portable av....wlaupun av ne nmpak biase, tp av ne bnyk membntu.... Very Happy
Back to top Go down
http://www.myspace.com/pakalolo9
eleanor
SUPERIOR
SUPERIOR


Male
Age : 47
location : sabah
Points : 12305
Reputation : 0
Number of posts : 2620

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime14/2/2008, 2:47 pm

ayoyo bro bukan semua orang tau tu kaedah bagus ko cerita sikit tu kaedah dia supaya satu sioloon tahu dan tak payah diorang tanya balik bro...
Back to top Go down
te37
MODERATOR
te37

Male
Countries/State : Sabah
Age : 38
location : Kota Kinabalu - Keningau
Tag ID: : SFC 02132
Points : 12548
Reputation : 0
Number of posts : 2660

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime14/2/2008, 3:16 pm

pakai ja ad-aware SE 2007..sa sdh pakai ni, rvhost.exe iLang..correct me if wrong.. What a Face
Back to top Go down
pakalolo9
JUNIOR
JUNIOR
pakalolo9

Male
Age : 38
location : KoTa BhArU SkRg / My Kg
Points : 12772
Reputation : 0
Number of posts : 199

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime14/2/2008, 4:41 pm

eleanor wrote:
ayoyo bro bukan semua orang tau tu kaedah bagus ko cerita sikit tu kaedah dia supaya satu sioloon tahu dan tak payah diorang tanya balik bro...

nnti aku upkan portable AV tue.... relax
Back to top Go down
http://www.myspace.com/pakalolo9
pakalolo9
JUNIOR
JUNIOR
pakalolo9

Male
Age : 38
location : KoTa BhArU SkRg / My Kg
Points : 12772
Reputation : 0
Number of posts : 199

attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime15/2/2008, 11:00 am

nie aku upk kn version lama....yg version baru msih dlm beta....aku dh cuba yg version beta tp rse nye blum stabil...yg lame nie mmg ok...stakat nie blom ader mslah lg....

--> cLiCk KaT cNiE <--

aku x rekemenkn korang guna yg latest iaitu 1.6...
yg aku bg nie 1.5...
yg 1.6 aku xbrape suka...lgpun msih dlm beta....

Very Happy Very Happy Very Happy
Back to top Go down
http://www.myspace.com/pakalolo9
Sponsored content




attack by RVHOST.EXE virus Empty
PostSubject: Re: attack by RVHOST.EXE virus   attack by RVHOST.EXE virus Icon_minitime

Back to top Go down
 

attack by RVHOST.EXE virus

View previous topic View next topic Back to top 

 Similar topics

+
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
SIOLOON FUN CLUB :: ENTERTAINMENT :: COMPUTER ZONE-
Jump to: