Svrwsc.exe [Virus/Worm/Trojan]


• Kaspersky: Worm.Win32.AutoRun.cgqp
• F-Secure: Worm.Win32.AutoRun.cgqp
• Bitdefender: Gen:Trojan.Heur.GZ.dmW@bu5Yxpc
• Eset: Win32/AutoRun.Spy.Banker.G
• GData: Gen:Trojan.Heur.GZ.dmW@bu5Yxpc
• Avira: Worm/Autorun.abo.23

What is svrwsc.exe?

That's another worm on the loose. Svrwsc.exe is basically a Trojan cum worm that pings several sites and downloads malicious files into the target system. Svrwsc.exe virus infects all your drives along with a few exe files in the %sysdir% or the C:\Windows\System32 folder. All these files are executed at every startup as scheduled by Svrwsc.exe. Windows 7 users may not worry much since Svrwsc.exe virus is programmed only for systems running on Windows 95, 98 and XP. If you find this process running on your Windows 7, it could belong to some other program.

How did Svrwsc virus enter my system?


The easiest way an Svrwsc entered your computer would be through other malicious files. These Trojans connect to servers where from they download and execute the viruses. Such viruses can be dangerous and must be removed as early as possible. Another possible way the Svrwsc.exe enters a computer is when you download stuff from mails which are sent by strangers and execute them yourself.

What does Svrwsc.exe do to my system?


When first executed, the Svrwsc.exe virus drops a few copies of itself into the System or the System32 folder and the drives of the computer. These copies in the drives are accompanied by an autorun.inf file that launches the Svrwsc whenever you try to open the drive. Apart from that, the Svrwsc.exe was also seen connecting to the Internet and downloading several malicious files to the %temp% i.e the temporary folder. Something new about this virus is that it creates a batch file in the temporary folder that is made to run using the Command Prompt at every startup. For this, the Svrwsc Trojan makes use of the Registry. Another way it hides itself is by staying among the Microsoft Services so even if you took care of the process, the virus would still be running in the background.

Are you getting an Svrwsc.exe error?


Svrwsc.exe error might popup if you had tried to remove the virus earlier. The main key to removing this Svrwsc.exe virus is in the registry. Even if you had deleted the actual file, Svrwsc errors might crop up saying that one of the files are missing. So please go through the instructions properly to avoid such errors. Follow the instructions given below for Svrwsc.exe removal.
How to remove Svrwsc.exe?
  1. Boot your computer in the Safe Mode. Click here if you're finding trouble doing that.
  2. Go to Start --> Run and type regedit to open the Registry Editor. Here, you'll have to delete or modify a few entries to get your system back to its original form.

    Go to

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    Delete the following object that appears on the right side of your registry: • "SvrWsc"="" Also delete:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvrWsc

    Don't panic, this is just the service created by the virus in order to launch as a Windows service at every startup. The entries below may also be deleted as they were also created by the Svrwsc.exe virus.
    HKEY_LOCAL_MACHINE\Software\Microsoft\DirectX\MSB

    Here, you'll have to delete • "X1"=hex:00
    Also go to
    HKEY_LOCAL_MACHINE\Software\Microsoft\DirectX\MSA
    Delete the entries,
    • "X1"=hex:F7,2B,CC,01,C8,1F,70,89
    • "X2"=hex:00

  3. Now, reboot your computer once again in the Safe Mode. Go to Start --> Run and type %temp% to followed by the return key to open the "Temporary files" folder. Here, make sure you delete all the files as the copies of Svrwsc may reside in this folder.
  4. Also delete the file svrwsc.exe from the folder C:\WINDOWS\System32 to get rid of the original file. 
  5. As mentioned earlier, the Svrwsc virus is clever enough to keep a hold of several other copies in the drives. These files would be hidden, so you may need the help of the Command Prompt to take care of this. Go to Start --> Run and type CMD to open the terminal. The Prompt usually opens in the default folder. You'll have to move to the drives by typing [Drive Letter]: to move to the drives. For example, type D: to go to the D:\ drive. Initially, try cd\ option to go to the C:\ drive.
  6. Type the following commands to remove the copies of Svwsc.exe virus:
    • D: [This is your drive letter]
    • attrib -r -a -s -h [Removing the attributes]
    • del autorun.inf [deleting the autorun file]
    • del svrwsc.exe [deleting the virus]
    Use the same commands to delete the copies from the rest of your drives.
  7. Now, restart your computer and relax. You've successfully deleted the Svrwsc.exe virus from your system.

Data yet to be updated...

Finding this process difficult? Get these anti-viruses to delete the virus:

BitDefender Total Security 2011 - 3 PC/1 yearBitDefender Total Security 2011 - 3 PC/1 year

AVG Antivirus and Antispyware 1-User 2011AVG Antivirus and Antispyware 1-User 2011

Kaspersky Internet Security 2011 1-User Kaspersky Internet Security 2011 1-User
VShop
Get the best security software for your compter here!

powered by Blogger | WordPress by Newwpthemes | Converted by BloggerTheme