Nasty virus svcservices.exe??

kenny504 Users Awaiting Email Confirmation Posts: 237
I have this annoying bug on my server. Symantec identified it as Backdoor.Usirf, but it cannot quarantine it. I viewed Task Manager and the service is presently running, but when you try to manually terminate the virus you get an access denied.

Any help, thanks a lot.

Comments

  • sprkymrk Member Posts: 4,884
    Try restarting in safe mode first.
  • blargoe Member Posts: 4,174
    Find out the location of the file and write it down. You won't be able to delete it right away because it's a running process.

    Then you need to find out what is calling this process. It may have an entry in the registry in HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN telling it to run at startup. If you see it there, delete the entry. Or it may be installed as a service. A great tool called HijackThis can tell you everything that is set to run at startup that wasn't part of the base OS, as well as any browser add-ons. You might find an entry for svcservices using that tool. If you do, delete it. Link to HijackThis -> http://www.merijn.org/files/HiJackThis_v2.exe

    Then boot to safe mode and delete the infected file, and do another full scan.
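The lookup steps in the reply above (file location, Run key entry, service registration) can be done in one read-only pass. This is an added PowerShell example, not part of the original thread. It assumes PowerShell 3.0 or later in an elevated prompt, the function name is hypothetical, and it also checks the HKCU Run key, which the post does not mention. It only lists matches and deletes nothing.

```powershell
# Added example: list where a suspect process lives and what starts it.
# Find-AutostartReference is a hypothetical helper name; 'svcservices' is the
# process name from the thread title.
function Find-AutostartReference {
    param([string]$Name = 'svcservices')

    # 1. Running image: record the full path before rebooting into safe mode.
    #    ExecutablePath can be empty when the prompt is not elevated.
    Get-CimInstance Win32_Process -Filter "Name = '$Name.exe'" | ForEach-Object {
        [pscustomobject]@{
            Source  = 'Process'
            Entry   = "PID $($_.ProcessId) (parent $($_.ParentProcessId))"
            Command = $_.ExecutablePath
        }
    }

    # 2. Run-key values whose name or data mentions the process.
    #    HKLM is the key named in the thread; HKCU is an addition.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($valueName -like "*$Name*" -or $data -like "*$Name*") {
                [pscustomobject]@{ Source = $key; Entry = $valueName; Command = $data }
            }
        }
    }

    # 3. Services whose binary path mentions the process.
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -like "*$Name*" } |
        ForEach-Object {
            [pscustomobject]@{
                Source  = "Service ($($_.StartMode), $($_.State))"
                Entry   = $_.Name
                Command = $_.PathName
            }
        }
}

Find-AutostartReference -Name 'svcservices' | Format-List
```

Saving the output to a file before making changes gives a record of the path and the startup entries to compare against after the safe-mode cleanup and rescan.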