Hi, I've been infected by the ServiceManager (ServiceMgr.exe) virus. I read up on some forums and I am having the same symptons that this virus gives others. Its affected my browser, acrobat, winamp, vlc player, and some more. I need help to get rid of this virus. I booted into safe mode and ran avg free scan, and then when I restarted the comp the program was gone from the list of running programs. However, next time I shut down and restart then the program is again running in the windows processes. I have gone to the registery (localmachine>software>windows>currentversion>run) and removed it from there. I have unchecked the entry from the msconfig startup tab, I have also booted into save mode and deteled the file C:\windows\system32\servicemanager.exe But next time I restart all these files get regenerated. I need some serious help. Thanks. Sarosh

You have the Passmail-D virus, basically it steals your passwords and mails them... W32/PassMail-D is a password stealing Win32 executable virus. W32/PassMail-D infects executable files on the local computer with an EXE extension. W32/PassMail-D attempts to steal passwords, sending stolen information to a remote user by email. The attacker is also send certain details about the infected user, including their username, computer name, IP address and version of Windows being run. W32/PassMail-D is a password stealing Win32 executable virus. W32/PassMail-D attempts to steal passwords, sending stolen information to a remote user by email. The attacker is also send certain details about the infected user, including their username, computer name, IP address and version of Windows being run. W32/PassMail-D copies itself to the Windows system folder as SERVICEMGR.exe and creates the following registry entry in order to run itself on startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Service Manager <Windows system folder>\SERVICEMGR.exe W32/PassMail-D infects executable files on the local computer with an EXE extension. When an infected file is run, the host file is dropped as a hidden file with a HWD extension and executed. The virus may also create or alter registry entries in the following locations: HKCU\Software\VB and VBA Program Settings\Service Manager\Service Manager\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Time Zones\ A good AV should be able to remove it, or you can do it manually in a PE or maybe even safemode. You will need to find a complete list every file affects and delete them all at once. Because it will regenerate on the next reboot if its not totally gone.

Avg free edition was absolutly unable to get rid of this. I was not expecting such lack of power froma avg free edition. ESET nod32 30 day trial detected this virus and even recovered all my corrupted exe files for me. And I ran the avg scan in safe mode for 4 hours on my 2 hard disks and it didnt give me a single warning. Guess I wont be using free avg anymore. Sarosh

Hi, Can you tell me a good free antivirus that can deal with such viruses in case I get them in the future. AVG free 8 could not remove this one, I need to find another. Tell me some good free antivirus that you know are better than avg 8. Sarosh