rbot.exe

I found a folder in c:\windows\system 32 and can't delete it. It tells me access denied (Make sure the disc is not full or write protected and the file is not currently in use). I also noticed something new: svchost.exe.
Any ideas on how to remove it, and what is svchost.exe?

Paul

Hi Paul

What’s the folder called? rbot.exe? Anything in the folder?

What OS are you running?

Don’t worry about svchost.exe. It’s Windows Services Internet go-to guy. You should not block or mess with svchost.exe, otherwise things like Windows Update will break.

Hey,
I just replied in your other post (https://forums.comodo.com/anti_virusmalware_products/rbotexe-t13556.0.html). Hope that helps.
Cheers,
grampa.

OK on svchost, I understand now. The rbot.exe I am afraid to open to see what's in it. I do know it's a backdoor exe file.

rBot.exe is a Backdoor W32.Kelvir.R.
rBot.exe spreads by MSN Messenger and via open network shares.
rBot.exe tries to terminate antiviral programs installed on a user computer.
rBot.exe steals private information.
Related files:
%ProgramFiles%\KEVIN\rBot.exe
%ProgramFiles%\KEVIN\kevin.exe
%System%\svchost32.exe
Adds the value:
“Universal USB Service” = “svchost32.exe”
“load” = “C:\Program Files\KEVIN\Kevin.exe”
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.r.html
Removal:
Kill rBot.exe process and remove rBot.exe from Windows startup using antivirus (also check How To Remove section) Startup Optimizer.

Source: Softwaretipsandtricks.com

svchost32.exe is not svchost.exe.

There's one other thing you need to do once you’ve gotten rid of it, and that is to purge your System Restore cache. If you don’t, the operating system will replace the clean files with the infected ones the next time you boot up.
Info on how to go about purging the _RESTORE folder here
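
Added example, not part of any post in this thread: a small Python triage helper that checks startup values and file paths against the indicators quoted above and also flags svchost.exe lookalikes such as svchost32.exe. The function names, the placeholder expansions (default install paths), the list of normal svchost.exe folders and the sample input are assumptions made for this illustration.

```python
import ntpath

# Indicators as listed in the W32.Kelvir.R description quoted in the thread.
IOC_FILES = [r"%ProgramFiles%\KEVIN\rBot.exe", r"%ProgramFiles%\KEVIN\kevin.exe",
             r"%System%\svchost32.exe"]
IOC_VALUES = {"universal usb service": "svchost32.exe",
              "load": r"c:\program files\kevin\kevin.exe"}
# Assumption: default locations used to expand the two placeholders.
EXPAND = {"%programfiles%": r"c:\program files", "%system%": r"c:\windows\system32"}
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def norm(path):
    """Lower-case, strip quotes and expand the two placeholders."""
    p = path.strip().strip('"').lower()
    for var, real in EXPAND.items():
        p = p.replace(var, real)
    return p

IOC_PATHS = {norm(f) for f in IOC_FILES}

def svchost_lookalike(path):
    """True for svchost32.exe-style names, or svchost.exe outside its usual folders."""
    folder, name = ntpath.split(norm(path))
    if name == "svchost.exe":
        return folder != "" and folder not in SVCHOST_DIRS
    return name.startswith("svchost") and name.endswith(".exe")

def triage(startup_values, file_paths):
    """Return (kind, item) findings for (name, data) startup values and file paths."""
    findings = []
    for name, data in startup_values:
        if IOC_VALUES.get(name.strip().lower()) == norm(data):
            findings.append(("startup-ioc", name))
        elif svchost_lookalike(data):
            findings.append(("startup-lookalike", name))
    for path in file_paths:
        if norm(path) in IOC_PATHS:
            findings.append(("file-ioc", path))
        elif svchost_lookalike(path):
            findings.append(("file-lookalike", path))
    return findings

# Constructed sample input, not taken from a real machine.
SAMPLE_VALUES = [("Universal USB Service", "svchost32.exe"),
                 ("load", r"C:\Program Files\KEVIN\Kevin.exe"),
                 ("Updater", r"C:\Temp\svchost.exe")]
SAMPLE_FILES = [r"C:\Windows\System32\svchost.exe",
                r"C:\WINDOWS\system32\svchost32.exe",
                r"C:\Program Files\KEVIN\rBot.exe"]
```

Calling `triage(SAMPLE_VALUES, SAMPLE_FILES)` flags both quoted startup values, the svchost.exe copy outside System32, svchost32.exe and rBot.exe, and leaves the genuine `System32\svchost.exe` alone.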