SICHOST.exe missing

March 1, 2010 at 00:52:20
Specs: Windows XP
whenever my system starts up, i'm getting
"SICHOST.exe file not found". is it a virus file?
can anyone help to resolve this problem....
thanks....

See More: SICHOST.exe missing

Report •


#1
March 1, 2010 at 19:57:34
Yes it is malware (spyware cleaner), if you need some help run the following scans and post their logs please..

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename mbam-setup.exe to tool.exe> click save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.


Report •

#2
March 1, 2010 at 23:41:01
Thanks Jabuck for ur reply..

I'd downloaded Malwarebytes' Anti-Malware and followed the
steps given by u. after performing quick scan, results r shown
and all r removed. MBAM doesn't encountered any file that is
difficult to remove. now there s no error msg "SICHOST.exe
missing" while startup and my system is good.

I'm using ESET NOD32 antivirus software, and now installed
MBAM too.. can both exist together r anyone antivirus s
enough..? which s best?


Report •

#3
March 1, 2010 at 23:58:21
Entire log report of MBAM


Malwarebytes' Anti-Malware 1.44
Database version: 3808
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/1/2010 3:17:38 PM
mbam-log-2010-03-01 (15-17-38).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 164810
Time elapsed: 11 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransport
erx (Adware.Minibug) -> Quarantined and deleted
successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-
87c932a848e0} (Adware.Minibug) -> Quarantined and deleted
successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-
02a139d5531c} (Adware.Minibug) -> Quarantined and deleted
successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-
cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted
successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransport
erx.1 (Adware.Minibug) -> Quarantined and deleted
successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\C
urrentVersion\SharedDLLs\C:\Program Files\Common
Files\Real\WeatherBug\MiniBugTransporter.dll
(Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\C
urrentVersion\Run\google (Worm.Sohanad) -> Quarantined
and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\Start Page (Hijack.StartPage) -> Bad:
(http://www.blackcheta.blogspot.com/) Good:
(http://www.google.com) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad:
(http://www.blackcheta.blogspot.com/) Good:
(http://www.google.com) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\Default_Search_URL (Hijack.SearchPage) ->
Bad: (http://www.blackcheta.blogspot.com/) Good:
(http://www.google.com) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad:
(Explorer.exe SICHOST.exe) Good: (Explorer.exe) ->
Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common
Files\Real\WeatherBug\MiniBugTransporter.dll
(Adware.Minibug) -> Quarantined and deleted successfully.
E:\CONVERTER\Allok WMV to AVI MPEG DVD WMV
Converter 1.4.6\KEYGEN\KEYGEN.EXE (Trojan.Downloader)
-> Quarantined and deleted successfully.
E:\CONVERTER\Super Video Converter 2.7\KEYGEN.EXE
(Trojan.Downloader) -> Quarantined and deleted successfully.
E:\CONVERTER\Super Video to Audio Converter
2.7\KEYGEN.EXE (Trojan.Downloader) -> Quarantined and
deleted successfully.


Report •

Related Solutions


Ask Question