“Here you have” Email Virus - W32/VBMania@MM

Monday, September 13, 2010


A new version of the "I love you" virus/worm, called the "Here you have" virus, has come out. All it does when run is distribute itself using your address book. Many big corporations were hit, and antivirus software vendors had to release emergency updates.

Clean “Here you have” Email Virus

US-CERT has issued alerts about a worm spreading through email with the subject "Here you have", identified as the W32/VBMania@mm or “VBMania” worm. The virus has been spreading primarily via email, asking recipients to click on a link masked as a PDF file that actually links to malware hosted on an external server. In one sample, an email contained a link to “PDF_Document21_025542010_pdf.scr”, which directed users to malware hosted on the domain “members.multimania.co.uk”. The virus had been spreading rapidly, but researchers say that volume dropped significantly once the site hosting the malware was shut down. When a user clicks on the link, their computer instantly downloads and launches the malware.
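The masked link described above can be caught at a mail filter by comparing what a link displays with where it points. The following is an added example, not code from US-CERT or any antivirus vendor; the extension lists and the sample body (including its example.com and example.net hosts) are constructed for illustration, and only the .scr file name comes from the alert.

```python
from html.parser import HTMLParser
import posixpath
from urllib.parse import urlparse

# Extensions Windows executes when opened (assumed list; extend as needed).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs"}
# Document types a lure typically claims to be (assumed list).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

# Constructed sample body: one masked link and one honest PDF link.
SAMPLE_BODY = (
    "<p>Here you have the document:</p>"
    '<a href="http://files.example.net/PDF_Document21_025542010_pdf.scr">'
    "http://docs.example.com/library/PDF_Document21_025542010.pdf</a>"
    '<p><a href="http://docs.example.com/guide.pdf"><b>guide.pdf</b></a></p>'
)

def _ext(url_or_text):
    """Lower-cased extension of the path part of a URL or bare file name."""
    return posixpath.splitext(urlparse(url_or_text.strip()).path)[1].lower()

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_masked_links(html_body):
    """Links whose text looks like a document but whose target is executable."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(href, text) for href, text in collector.links
            if _ext(href) in EXECUTABLE_EXTS and _ext(text) in DOCUMENT_EXTS]
```

Any message for which `find_masked_links` returns a non-empty list is a candidate for quarantine before it reaches the user's inbox.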

The worm also attempts to spread from computer to computer over local networks. To contain it, disable network sharing and/or disconnect infected computers from the local network and the Internet, and block outbound traffic to the domains and IP addresses contained in the malicious e-mail so that users cannot connect to the distribution sites and download the malware.

The Stinger utility is used to detect and remove this threat. Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but a tool to assist administrators and users when dealing with an infected system.

Remove Svchost.exe Malicious Virus

Wednesday, September 8, 2010


Generic Host Process for Win32 Services, or svchost.exe, is a legitimate and essential component of Windows that hosts services which run from dynamic-link libraries (DLLs). Multiple instances of svchost.exe can run at the same time, so in most cases it is not a problem if you see five, six or even more copies of svchost.exe running, because they host different groups of DLLs.




Steps to remove malicious Svchost.exe Virus:

1) Scan your PC for the following viruses: CashToolbar Downloader-MY, System1060, CoolWebSearch Svchost32, ADCLICK-AG, ADCLICK-AX, ADUYO-A, AGENT-V, AGOBOT-KL, AUTOTROJ-C.

2) Go to Windows Automatic Updates properties (right-click on My Computer, then click on Properties and switch to Automatic Updates tab).

3) Choose "Turn Off Automatic Updates", click OK and reboot your PC.

4) Manually update Windows using "Windows Update" shortcut in the start menu.

5) Turn automatic updates on.

6) If your problem is not solved at this step, uninstall old Hewlett-Packard printer and scanner drivers (if any) and download new drivers from the manufacturer's website.

7) If your problem is not solved at this step, use the following command to show all svchost.exe instances and their associated services or libraries: tasklist /svc /fi "imagename eq svchost.exe"

This is a good and effective way to repair Generic Host Process (svchost.exe) problems.