svch0st.exe - Useless
svch0st.exe
Manual removal instructions:
Then, it sends the captured keystrokes to a predefined Web site.
Creates one of these files:
Windows NT/2000/XP/2003: C:\Winnt\System32\Svch0st.exe
Windows 95/98/Me: C:\Windows\System\Svch0st.exe
Adds the value: "taskmgr.exe" = "%Path%\svch0st.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Adds the value: "taskmgr.exe" = "%Path%\svch0st.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Adds the value: "taskmgr.exe" = "%Path%\svch0st.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Constantly checks the names of all the open windows.
If this Trojan finds a window whose Title Bar matches one of these names: Offline Explorer; Netscape; Microsoft Internet Explorer
it will log all the keystrokes typed inside that window.
Using a script running on the server that the Trojan contacts, it submits all the logged keystrokes to a predefined URL.
Automatic removal:
Use RegRun Startup Optimizer.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.