Nuffnag

Wednesday, April 28, 2010

Remove RVHOST

10:45:00 AM  No comments

how to remove virus called "rvhost.exe"

So first is the symptoms i got:
1. My Yahoo! Messenger sent a link to all my friends in my friend list.
2. I can't open regedit, task manager, and folder options.
3. I found these files:
- C:\Windows\RVHOST.exe
- C:\Windows\Tasks\At1.job

Next is how we can remove it.
1. Download this and after you're done downloading this, double click it. (EDIT: Don't forget to rename it to regtools.vbs or else it won't work!)

2. Regedit is now supposed to enable, open it. Start ->run->regedit.

3. Go to:
HKEY_CURRENT_USER -> Software -> Microsoft ->Windows -> CurrentVersion -> Run
Delete the entry named RVHOST.exe. But in my case, this doesn't exist. So if this doesn't exist, just leave it as it is.

4. Go to:
HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies ->System
Now, in the right column you will see 3 options: Default, DisableRegistryTools, DisableTaskManager. Double click DisableRegistryTools and DisableTaskManager. Change the "Value Data" to 0.

5. Then, Go to:
HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies -> Explorer.
You will see NoFolderOptions in the right column. Double click it and change the "Value Data" to 0.

6. Next, go to:
HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> Schedule
Search for "AtTaskMaxHours" in the right column. Double click it and change the "Value Data" to 24.

7. Now; regedit, task manager, and folder options are all enabled.

8. Wait!! You're not done yet!! My next problem was, whenever I turned on my computer, this message will pop out.
"Windows cannot open RVHOST.exe........." or something like that. Now, what am I supposed to do???
I already found the solution for this. Get HijackThis program and install it. Now click "Do a system scan and save a logfile" or "Do a system scan only".

9. Next find this "F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe" and tick the box next to it, then click the box "Fix Checked"

10. Get a rest!! Your computer is now healed^^

EDIT: To make sure that the virus is 100% gone, go to Edit-> Find in regedit. Good luck^^

Tips:
-When you find a removable disk, whether it's a flashdisk or a memory card or anything (floppy disk, etc), DON'T just open them without any 2nd thought!!!
-When you're using messenger and suddenly your friend is sending you a message with weird links, don't EVER open it!!


0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)