Svcvc.exe (Trojan) Removal

Symantec: Backdoor.Riken

This one was registered as a Trojan by Symantec's Norton anti-virus solutions. It gets into the target's system when the user browses malicious sites on the Internet. The threat may arrive in the form of a PDF file; once the file is opened, the code executes and launches a process that creates a copy of itself on the target computer. This happens silently, so the user is unaware that the virus has executed. Once executed, the Trojan tries to gather the user's personal information and saves this data to a log file. During execution, the Trojan also alters Registry entries to get past the Windows Firewall restrictions. It creates IDs for itself in the Registry and thus makes sure that the Trojan's process is executed at every startup. It also attempts to connect to remote sites from which other malware is downloaded to the computer. The log file is uploaded to a specific file-sharing site so that its master can view the log and acquire the target computer's information. This Trojan MUST be removed to avoid further damage to the system. Follow the instructions below to delete the virus:

Manual instructions to remove svcvc.exe:

  1. Killing the process of the Trojan is next to impossible when you're running the system in normal mode, so switch to Safe Mode to make the deletion process easier. Click here if you're finding it difficult to boot in Safe Mode.
  2. Removing the path of the virus completely from the Registry prevents it from launching at the next boot. So let's go to Start -> Run and type regedit to open the Registry Editor. In the Registry, go to the following location:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    Delete the value:
    "SamPs" = "C:\WINDOWS\system32\svcvc.exe"

    Now go to
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
    Delete the key consisting of the value:
    "C:\WINDOWS\system32\svcvc.exe"
    Also go to
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Window\
    and delete the values
    "monstate" = "ID" and
    "KeyKill" = "ID".
  3. Restart your system again in the Safe Mode. After that, go to the following locations and delete these files:

    • C:\Windows\System32\svcvc.exe
    • C:\Windows\System32\UsbStorageLog.txt
    • C:\Windows\System32\cmd.txt
  4. That's it! You've successfully deleted the Trojan.
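
A read-only check for the registry values and files named in steps 2 and 3, as an added PowerShell example that is not part of the original post. It assumes an elevated prompt, PowerShell 3.0 or later, and the default C:\Windows install path used above.

```powershell
# Added example (not from the original post): read-only check for the artifacts
# listed in steps 2 and 3. Run from an elevated PowerShell prompt; it changes nothing.
$regValues = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'SamPs' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Window';       Name = 'monstate' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Window';       Name = 'KeyKill' }
)
$fwList = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters' +
          '\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$files = @(
    'C:\Windows\System32\svcvc.exe',
    'C:\Windows\System32\UsbStorageLog.txt',
    'C:\Windows\System32\cmd.txt'
)
$findings = @()

# Startup and marker values: report the data so it can be compared with the post.
foreach ($v in $regValues) {
    $p = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($p) {
        $findings += [pscustomobject]@{ Kind = 'RegistryValue'; Where = $v.Key; Name = $v.Name; Detail = $p.($v.Name) }
    }
}

# Firewall exception list: flag any entry whose name or data points at svcvc.exe.
$fw = Get-Item -Path $fwList -ErrorAction SilentlyContinue
if ($fw) {
    foreach ($name in $fw.GetValueNames()) {
        $data = [string]$fw.GetValue($name)
        if ($name -like '*\svcvc.exe*' -or $data -like '*\svcvc.exe*') {
            $findings += [pscustomobject]@{ Kind = 'FirewallException'; Where = $fwList; Name = $name; Detail = $data }
        }
    }
}

# Dropped files: -Force so hidden or system attributes do not hide them.
foreach ($f in $files) {
    $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{ Kind = 'File'; Where = $item.DirectoryName; Name = $item.Name; Detail = "$($item.Length) bytes, modified $($item.LastWriteTime)" }
    }
}

if ($findings.Count -eq 0) { 'None of the svcvc.exe artifacts listed above were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it again after step 3; an empty result means the listed registry values and files are gone.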

Posts that might help you here:
Enabling Safe Mode booting, Enabling the Registry, Enable Hidden files and folders option and Enabling the Command Prompt.

The following anti-viruses are recommended if you're still unable to delete the Trojan:

Norton 360 4.0 1 User (3 PC)

Kaspersky Anti-Virus 2011 1-User

Eset Nod32 Antivirus V.4.0, 3 User