Anyone know of a new virus or strain of an existing virus that creates a svcmgt.exe file that runs as a Service eating up all processor time? I can't find anything about it. Thanks.

Clue on a Chinese thread
It has it listed in a HJT log ..
C:\WINDOWS\System32\svcmgt.exe
Look at the second response and the TechNet security bulletin it points to ...
Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732).
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

I'm sorry...second response to what? And, the affected machines already have that particular MS Patch.

Original question mentions svcmgt.exe. First response tells person to run HJT. Second response says possible affected machines need to be patched according to the security bulletins mentioned. Person then runs a HJT log. Next response tells them what to get rid of using HJT. Blah blah.
But if you've already patched, and are up to date ....
Then I'll have another looksee elsewhere.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

A little more info. The Service name that is associated with this svcmgt.exe file is "Microsoft Support Service," and it's being added to the Run key in the Registry. Short of stopping the service and creating a bogus, read-only version of the executable, nothing seems to be working on fixing this, not even anti-virus upgrades.
Has anyone else run across this? Help.....

I'm puzzled Jen.
If you know this svcmgt.exe is a bogus file and should not be there, why haven't you already got rid of it ?
I've never run into it before and the only clue regarding svcmgt.exe I've come across is as I've already mentioned. It turned up in a HJT log and was earmarked for removal.
If you look at what was earmarked for removal, the very top one says ..
O4 - HKLM\..\Run: [Microsoft Support Service] svcmgt.exe
But I'm guessing you couldn't view the Chinese site as you don't have Chinese language text display installed in IE.
But like I said, I'm curious why you haven't got rid yet. Or is it the extra detail you really want ?
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

I am getting rid of it, but only with a bandaid. Prevention is what I'm looking for here, so what I need to know is where it's coming from and what is causing this new "Microsoft Support Service" to be installed on these machines.
So, yes, the extra detail is what I want and need.
And no, I couldn't view the Chinese site.

Sleuth work time.
Rather than clogging this thread up with a HJT log and putting someone off who might know straight away.
Out of curiosity, just post a HJT log on a thread that's now dead, that I started. # 13740. It's near the bottom of page 2.
I'm curious as to whether you have anything else there that shouldn't be there. For example, a wupdated.exe.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

I had this file on my computer...
I just recently plugged in my NEWLY BUILT computer to a University campus network (with anti-virus software ON mind you), and found my processor was sitting at 100% usage all the time... which I found odd considering it's an AMD 2400+ and I wasn't running anything.... It was svcmgt.exe!
My solution was to go to C:/WINDOWS/system32/ and delete the actual svcmgt.exe file... THEN, go to regedit, and do a search for EVERY instance of "svcmgt" and delete every registry entry...
then go to Run > MSCONFIG > Startup tab, and remove every instance of svcmgt.exe (it was in mine 3 times)...Then restart.
You should be fine... :D

Found the problem. Running Symantec... the update from 17 October did not detect this virus, which was actually discovered in April. Any machine will be infected immediately upon accessing the network unless it has been patched before connecting.
Lots of Registry changes need to be made to the infected machines, including deleting the Microsoft Support Service. If you don't delete the service, the virus will continue to recreate itself and run.

You got any Symantec links for this sucka Jennifer SUMN ?
I'll be needing the extra details too, now.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk
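
Added example (not part of the original thread): a small Python triage of a HijackThis log for the indicators the posters name (svcmgt.exe, wupdated.exe, the "Microsoft Support Service" name), listing every place they appear so that the Run entry and the service are both caught. Apart from the O4 entry quoted in the thread, the sample log lines are constructed, and the O23 layout `O23 - Service: name - vendor - path` is an assumption about the log format.

```python
import re

# Indicators named in the thread; extend for your own case.
SUSPECT_FILES = {"svcmgt.exe", "wupdated.exe"}
SUSPECT_NAMES = {"microsoft support service"}

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)', re.I)      # executable file names in a command
PROC_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.I)  # bare path = running process line

def parse_line(line):
    """Return (section, name, command) for O4, O23 and process lines, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return "O4", m["name"], m["cmd"]
    if line.startswith("O23 - Service: "):
        parts = line[len("O23 - Service: "):].split(" - ")
        if len(parts) >= 2:
            return "O23", parts[0], parts[-1]
    if PROC_RE.match(line):
        return "proc", "", line
    return None

def triage(log_text):
    """Return one finding per log line that matches a suspect file or name."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, name, cmd = parsed
        exes = {e.lower() for e in EXE_RE.findall(cmd)}
        reasons = ["file:" + e for e in sorted(exes & SUSPECT_FILES)]
        if any(s in name.lower() for s in SUSPECT_NAMES):
            reasons.append("name:" + name)
        if reasons:
            findings.append({"section": section, "command": cmd, "reasons": reasons})
    return findings

# Constructed sample log (only the first O4 line is quoted from the thread).
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svcmgt.exe
O4 - HKLM\..\Run: [Microsoft Support Service] svcmgt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Microsoft Support Service - Unknown owner - C:\WINDOWS\System32\svcmgt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""
```

A finding in section `O23` alongside one in `O4` is the case described above where removing only the Run entry leaves the service to bring the file back.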
