help needed! PC slow & infected

I find my computer running very slowly. This is happening from just few days.
I regularly update my anti-virus and other similar programs. Whenever i scan my computer, it takes plenty hours to scan just a few files.
I cannot even open task manager and run regedit.

Please help me in this regard…


If you can’t open task manager or regedit, it’s surely a malware.
Have you installed anything new this week or visited some site you haven’t before?
Download HijackThis( and run it and save the logfile, then post it here(not the file, copy the text from the logfile instead), to see if there’s anything that’s suspicious.
Also try Spybot S&D and Lavasoft Ad-aware.


I installed certain programs from my pen drive.
I ran spybot and ad-aware. Spybot detected the problem (with task manager) and but didn’t get it corrected.

However i have posted the log file. Please see attachment.

Moderator Edit: Please do NOT post HJT logs; they are simply too long. Instead, upload them as an attachment.

[attachment deleted by admin]

This one is a virus called SSVICHOSST.exe is W32/Sohana-R. a think it's a rootkit. Try A-squared downloadable here :

Try scanning in safe mode with this

please post your advance


Uhh, suhasmk, your computer is a malware farm. :slight_smile:

Tick, then fix these:
C:\WINDOWS\system32\SSVICHOSST.exe(yes, there are two of this)
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O1 - Hosts: www.
O1 - Hosts: www.
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKCU…\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
O4 - HKLM…\Policies\Explorer\Run: [status] present
O4 - HKUS\S-1-5-18…\RunOnce: [yisouu.dll] Regsvr32.exe /s C:\PROGRA~1\YiSou\yisouu.dll (User ‘SYSTEM’)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip…{48A41D8E-AED2-41C8-B82F-B28467017BBC}: NameServer =,
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll

Also run a full scan in safe mode with disabled system restore.

Uhh, suhasmk, your computer is a malware farm. :)
Yeah, still got one right ;)


Thank you zvaragabor. I tried your way. I could not find when i ran hijackthis.

However, i can run regedit and task manager.

Please send another log file so we can see that you’re totally secure

here is my log file. i couldn’t remove C:\WINDOWS\system32\SSVICHOSST.exe & C:\WINDOWS\system32\SSVICHOSST.exe
how can i remove that?

[attachment deleted by admin]

I can’t see no problem any more but I’m not really an expert, still try a scan in safe mode (I hope you now how to do it? If not just say) and scan with avg, adaware, and spybot to be complete sure.

Also a saw 1 thing, it’s no longer BoClean 4.24 it’s 4.25 now, you should consider updating him :slight_smile:

Hope I could help ya

I cannot see the SSVICHOSST.exe in the new report too.
As alaertsxan mentioned, try a scan in safe mode. I would also recommend a-Squared free to run. It’s a good antispy too.
Anyway, which antivirus do you use?

I use AVG free-edition anti-virus, Spybot, Ad-aware and Comodo BOClean.

Finally Comodo BOClean came to my rescue. It detected and healed that particular virus. :BNC :BNC :BNC

I have the same problem

and this is the log file in the next reply

plzzzzzzzzzzz tell me what should I do ???

If none of the above works, post your own topic in ‘Virus/Malware Removal Assistance’.
Include what security products you use, and include a HijackThis log(


As a side note:

The “C:\WINDOWS\system32\SSVICHOSST.exe” line was under the processes list, that means the there were two instances of the executable running at once. This cannot be fixed in hijackthis, although you could end the process…

The idea is to remove the entry that launched the process at startup: “O4 - HKCU…\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe” which was removed.

Anything that starts with “O4” (Run registry entry) or “O23” (Registered service) means that it launches a process at startup. Hijackthis covers a few sections of the registry as “O4” but all have the same effect of starting a process at startup.


Moderator Edit: Please do NOT post HJT logs; they are simply too long. Instead, upload them as an attachment. Also please do not capitalize posts as on the internet it implies shouting/yelling.

[attachment deleted by admin]


Looks like you have bearshare on your pc as well as askpbar. There may be other things as well.

Do you have spybot S & D? If not I would recommend you download it and run it.



This log entry

O4 - HKCU…\Run: [Tok-Cirrhatus-3939] “C:\Documents and Settings\ramil.bungque\Local Settings\Application Data\br8901on.exe”

matches a description for a polyware virus going by the name RAKYATKELAPARAN.EXE

A google search on RAKYATKELAPARAN.EXE turns this reference
described as “Added by the W32/Brontok-I worm.”

Your log also has this item
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
meaning that your ability to edit the registry has been disabled. That’s a common thing for malware to do these days, it in effort to make cleanup more difficult.

For details on W32/Brontok-I, details at

From what I’ve seen in various malware cleanup forums elsewhere, Brontok is not an easy cleanup.

And that’s about the limit of my skills. I can follow logs for the most part, but doing the cleanup isn’t my field.

Edit: Doing some more checking, this description
confirms several additional details in your log as matching that of the Brontok virus. Microsoft rates removal of this malware as “difficult”.

There seem to be few tools dealing directly with Brontok removal. Several that I’ve found listed are for previous versions of the malware, and are incomplete or ineffective at removal of Brontok-I.

The Microsoft Malicious Software Removal Tool is listed as a removal tool. The MSRT can be downloaded at