W32.HLLW.Raleka infected svchost.exe - what to do?

suklee

Diamond Member
Oct 9, 1999
4,575
10
81
How to remove this? I followed Norton's link here and looked up some info at F-secure. Her computer has NAV2003 installed, it detects the virus, but the problem is that the infected file is c:\windows\system\svchost.exe. I assume this is some sort of Windows system file, b/c I cannot remove the file. Always get "unable to repair this file" followed by "access to the file was denied". This will go on forever in a loop... and I'll be lucky to get it to shut down or restart without hitting the power button. Any ideas?

Btw, I also ran Ad-aware on her computer and came up with

48 Registry keys
6 Registry values
1834 Files
8 Folders
For a total of 1896 'bugs'! :Q:Q

She was getting pr0n popups like there was no tomorrow :D
 

hdeck

Lifer
Sep 26, 2002
14,530
1
0
did you do everything step-by-step like it says to do on the norton page?
 

suklee

Diamond Member
Oct 9, 1999
4,575
10
81
Yessiree, I disabled System Restore and did the whole mumbo jumbo...

Virus defs are up to date as well
 

capybara

Senior member
Jan 18, 2001
630
0
0
have u run adaware 6 ? if that dont help,
im afraid this is looking like a repair install of windows
 

capybara

Senior member
Jan 18, 2001
630
0
0
ps = once fixed, next fix the vulnerability = disable dcom or update your servicepacks.
 

suklee

Diamond Member
Oct 9, 1999
4,575
10
81
Originally posted by: capybarahave u run adaware 6 ? if that dont help,
im afraid this is looking like a repair install of windows

Yes i have - see my first post.

Is there anyway I can delete the infected file and copy over a clean file from another system?