SVCHost.exe Killer - Troj/DwnLdr-HKW

[BKGarry]

Hello Everyone,

Thought I would let you know, after a Grewaling Past 2 Days that we have detected this Virus on our servers (Troj/DwnLdr-HKW) it killed the SVCHost.exe, which then killed off several services including, Automatic Updates, Server, Workstation, Computer Browser and the Event Logger Services.

As you can imagine this caused no end of problems, and SOPHOS only identified the Virus at 4am(ish).

Please be aware, as it creates random services which run C:\Windows\System32\svchost.exe -k netsvcs

but when you look in the Registry, they are using random DLL's, which you then need to disable then stop the service, then delete the DLL's and Registry Settings.

Hope this helps,

Gaz

[contink]

Thanks for the heads up.