Solution:
=========
Go to Control Panel
Doubleclick System
In System Properties window, click System Restore tab
Check Turn off System Restore
Click OK

Follow these steps to completely remove this worm:
==================================================
1-Start>RUN
2-Type CMD
3-In CMD,type Taskkill /T /IM "RVHOST.EXE"
4-Then open a Notepad Start>RUn, type NOtepad
5-In notepad paste these lines below

On Error Resume Next
Set shl = CreateObject("WScript.Shell")
Set fso = CreateObject("scripting.FileSystemObject")
shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
shl.RegDelete

6-Save the notepad as "Enable.VBS"
(Note: the quoatation mark "..." must be included if not the file will be saved as normal text file)
7-Double click Enable.VBS
8-Now Start>Run. type Regedit and press enter

Before start editing the registry remember to export it.
Go to File, Export...
In the Export Registry File windows, select all for Export range.
Type any relevance name (for example: BeforeModifyingReg) and click Save.
The normal path for Save in is OK but if you want to change it that fine.
(Note: Remember to select All for Export range)

9-Do the following changes in Registy

In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Yahoo Messengger = "%System%\RVHOST.exe"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)

Still in Registry Editor, in the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer
In the right panel, locate and delete the entry:
NofolderOptions = "1"

Still in Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon
In the right panel, locate the entry:
Shell = "Explorer.exe RVHOST.exe"
Right-click on the value name and choose Modify. Change the value data of this entry to:
Explorer.exe

Still in Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>Schedule
In the right panel, locate the entry:
NextAtJobId = "2"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
Close Registry Editor.

Deleting the Malware File(s)
============================
First of all, do 3 settings in folder option:
1. enable show hidden files and folders
2. disable hide extensions for known file types
3. disable hide protected operating system files

Then, right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the name input box, type AT1.JOB
In the Look In drop-down list, select My Computer, then press Enter.
Once located, select the file then press SHIFT+DELETE.

Do Disk Cleanup to empties Temporary Internet Files, Recycle Bin & Temporary files folders.

In Search, continue to search for other files:
RVHOST.exe
new folder.exe
(Note: when search for rvhost.exe and new folder.exe sometimes it will show results with extension .pf, delete these files as well.)

For best result search *.exe and delete every exe files that had icon looks like folder. Its icon looks a bit like a folder just a means to trick the user into doubleclick on it and got infected.

Removing RVHOST from flash drive
================================
IMPORTANT: Do not open flash drive even it pop up windows ask for what to do. Just cancel it.

Then, right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the name input box, type *.exe
In the Look In drop-down list, select %your flash drive%, then press Enter.
Once results were displayed, select all the files had icon looks like folder then press SHIFT+DELETE.

ooo..tu mcm kaa..aku punya laptop pun kena ne..adididii...okie tq ging

hehhe ini mesti pasal trojan punye kerja.... bila pakai kaspersky terus dia deteck dan dilit itu file dlm sistem win32.....

bila suda clean windows pun disply rvhost dlm dialog box....

kurang asam tu virus kan.....

ada yang paling senang... intall balik jak tu windows....

uiksss eleanor...ko ada kasperskyka...bule bg kat aku..free donlod pnya bah..mls mo main byr2 ne...adididi..tulun dl aaa..hihiih

oiiiii buli bah kalau ko.... aku kasi terus dgn lesen nya mau kah supaya KIS tu jadi original......... tapi jgn bising2 sebab itu key nya sudah kena hack.... hehehehe

mcm mana sia mo kasi ko....... ko ada yohoo mesenger kah kalau ada aku antar pakai tu jak.... k...

ko mau yang 7.0 kah atau 6.0

ada bah...nnti aku pm sm ko...mana2 ja tp apa beza 7.0 sm 6.0 aaa...ko jglah broo..hihihi

7.0 latest punya yang 6.0 pun ok juga..... kedua2nya ok.... tapi bila install nie firewallnya tinggi jadi nanti ko adjust la kasi rendah nanati tak bolh masuk web itu dan ini...

oooo itu mcm kaaa..oki3...tq bro

avg k ka????

avg ok juga cuma avg nie main kasar ba.... sebab bila jumpa virus terus dia delete delete tu tak kisah tapi bila virus tu bersandar dgn file yg penting2 yg masih kita mau guna avg tak peduli semua tu.... dia delete jak.... yg penting virus hilang.... itu lah matlamatnya...

Quote :

avg ok juga cuma avg nie main kasar ba.... sebab
bila jumpa virus terus dia delete delete tu tak kisah tapi bila virus
tu bersandar dgn file yg penting2 yg masih kita mau guna avg tak peduli
semua tu.... dia delete jak.... yg penting virus hilang.... itu lah
matlamatnya...

klau AVG xder la jugak auto delete x silap aku...biase kn dier tnyer dlu...
aku minat 2 jenis AV skrg...BITDEFENDER N KASPERSKY....
dlu mnat gak AVG...sbb dier pon ok....lps tue hack ke avg pro....mmg protecton dier leh tahan gak....skrg dh pkai kasperky...

Aku, kalo kena menatang nie, aku guna flash killer jer. Abis citer, xpenin kapla,
kohkohkoh
guna kill flash, pastu restart abih citer.

ya betullllllllll.... memang ada byk cara...... ada cepat ada lambat ada panjang ada pendek.... dlm dunia IT nie yg cepat, pendek dan eficient adalah lebih baik......

klau virus nie, korang leh gak pkai av tambahan sperti portable av....wlaupun av ne nmpak biase, tp av ne bnyk membntu....

ayoyo bro bukan semua orang tau tu kaedah bagus ko cerita sikit tu kaedah dia supaya satu sioloon tahu dan tak payah diorang tanya balik bro...

pakai ja ad-aware SE 2007..sa sdh pakai ni, rvhost.exe iLang..correct me if wrong..

eleanor wrote:

ayoyo bro bukan semua orang tau tu kaedah bagus ko cerita sikit tu kaedah dia supaya satu sioloon tahu dan tak payah diorang tanya balik bro...

nnti aku upkan portable AV tue....

nie aku upk kn version lama....yg version baru msih dlm beta....aku dh cuba yg version beta tp rse nye blum stabil...yg lame nie mmg ok...stakat nie blom ader mslah lg....

--> cLiCk KaT cNiE <--

aku x rekemenkn korang guna yg latest iaitu 1.6...
yg aku bg nie 1.5...
yg 1.6 aku xbrape suka...lgpun msih dlm beta....