Nasty virus svcservices.exe??
I have this annoying bug on my server, symantec identified it as Backdoor.Usirf But It cannot quarantine it. I viewed task manager and the service is presently running but when you try to manually terminate the virus you get an access denied.
Any hlp thanks alot
Any hlp thanks alot
There is no better than adversity, every defeat, every loss, every heartbreak contains its seed. Its own lesson on how to improve on your performance the next time.
Comments
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□Try restarting in safe mode first.All things are possible, only believe.
-
blargoe Member Posts: 4,174 ■■■■■■■■■□Find out the location of the file and write it down. You won't be able to delete it right away because it's a running process.
Then you need to find out what is calling this process. It may have an entry in the registry in HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN telling it to run at startup. If you see it there, delete the entry. Or it may be installed as a service. A great tool called hijackthis can tell you everything that is set to run at startup that wasn't part of the base OS as well as any browser add-ons. You might find an entry for svcservices using that tool. If you do, delete it. Link to hijackthis -> http://www.merijn.org/files/HiJackThis_v2.exe
Then boot to safe mode and delete the infected file, and do another full scan.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...