Windows 7 Forums


Windows 7: how to remove a suspicious file that refuses admin and kill processes

04 Dec 2016   #1
D3X1K AXYZ

Windows 7 Home Premium x64
 
 

The file "C:\ProgramData\Client\Svhoste.exe" is definitely a malicious file, as it keeps taking over and erasing the data of other exe files while I am using them, leaving an empty .exe file behind. When I try to remove, replace, or rename the hollow exe file, it tells me it's in use by another program. Process Explorer shows that svhoste.exe is using the file. When I try to kill the process, it immediately opens an infinite number of svhoste processes. Both ASC 10 Pro and MBAM Pro do not detect it, and when I try to remove it manually, it says:

[Screenshot: screenshot_20161204123506.png]

I require my permission to make changes. I can't seem to change anything about it even if I run programs as admin. What should I do? I have a feeling that it is only a matter of time before it messes with something vital to the computer.




04 Dec 2016   #2
samuria

win 8 32 bit
 
 

Welcome to the forum. Is this encrypting your photos and videos? It's a form of ransomware. You should be able to kill it in Task Manager and very quickly delete it. If you can't do that, the best way is to boot from a DVD rescue disk or free Linux DVD to delete it. If it's encrypting photos, it's normally slow, so getting files off fast is a good idea. Disconnect OneDrive or Google Drive. The exe it creates will reinfect you if you run it.
04 Dec 2016   #3
D3X1K AXYZ

Windows 7 Home Premium x64
 
 

Quote: Originally Posted by samuria: "Welcome to the forum."

Thank you. ^^

Quote: Originally Posted by samuria: "Is this encrypting your photos and videos? It's a form of ransomware."

Svhoste is erasing exe file data, leaving me an empty exe file. This is today's "casualty":

[Screenshot: screenshot_20161204140526.png]

Please note the red box in the picture.
Edit: this is a scripting tool used for Pokemon ROMs. I love programming ^^

Quote: Originally Posted by samuria: "You should be able to kill it in Task Manager and very quickly delete it"

If I stop it, it immediately spawns an infinite number of individual svhoste processes.



04 Dec 2016   #4
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Copy this into explorer address bar and post a screenshot:

%TEMP%

Also check here and do the same if found:

%PROGRAMFILES%\CLIENT

%PROGRAMFILES(x86)%\CLIENT

Also suggest downloading a fully functional (for 15 days) free trial of Zemana AntiMalware and running a scan with it.

Zemana Downloads – Security Software Free Trails
04 Dec 2016   #5
D3X1K AXYZ

Windows 7 Home Premium x64
 
 

Quote: Originally Posted by Callender:
"Copy this into explorer address bar and post a screenshot:

%TEMP%

Also check here and do the same if found:

%PROGRAMFILES%\CLIENT

%PROGRAMFILES(x86)%\CLIENT

Also suggest downloading a fully functional (for 15 days) free trial of Zemana AntiMalware and running a scan with it.

Zemana Downloads Security Software Free Trails"

I will do that later as I have a few errands to run, but I found some things that may be helpful.

[Screenshot: screenshot_20161204152348.png]

According to Windows Dev Center, the /a defines the Windows Installer's Administrative installation option. Installs a product on the network.
As for the -a, I am not sure.

[Screenshot: screenshot_20161204153006.png]

Note: denial overrides allowance


04 Dec 2016   #6
samuria

win 8 32 bit
 
 

As it's eating your files, don't mess about: get a bootable CD and delete it. Any free Linux live CD will do it. Then get a bootable antivirus CD and run that.
04 Dec 2016   #7
Alejandro85

Windows 7 Ultimate x64
 
 

It's clear at this point that you have a virus of some sort and it's wreaking havoc in your filesystem. Hopefully it only tampers with .exe files, but anyway, it could have already done anything to your system.

In this state, the only way to regain control over your system is a clean install. Stop using the system, back up your data to some other disk, then reinstall Windows from scratch. You can use a "live-CD" or something like that for that without further compromising any data.

Don't bother with antiviruses or any type of "clean". Once compromised, there is no way to ensure that a system is really clean.
11 Dec 2016   #8
D3X1K AXYZ

Windows 7 Home Premium x64
 
 
Temporary solution to svhoste.exe (ssf virus)

While it seems as though I can't do much about it right now, I have found some information that I wish to pass on to anyone who may run into this problem. Get Sysinternals Process Explorer. Run Process Explorer as Admin as soon as your desktop loads. Look for any program with the description ssf, as there may be more than one file causing this problem. In my case, I found a second one called "clientmanager.exe" which had the ssf file description. Using ProcExp, suspend the programs. Once suspended, you should be safe. If you lose an executable to this program, suspending it will allow you to search the handles of this virus and remove the handle that holds the empty exe file "hostage." Then you should be able to delete the hollow exe file. Hope this helps.
I wish to thank all of you who replied to my post here.
PS: if anyone has this same issue, any info on this issue, or any possible solutions to this problem, please let me know.
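
The check described in post #8 (finding every running program whose file description is ssf) and the Deny permission entries noted in post #5 can be gathered in one read-only pass. This is an added example, not code from any poster; the description string and folder are the ones reported in the thread, and the function names are hypothetical.

```powershell
# Added example, not from the thread. Read-only: lists, hashes and reads ACLs; changes nothing.
# Assumption: the description 'ssf' and the folder below are the values reported in the posts.
# Run elevated, otherwise ExecutablePath is empty for processes owned by other accounts.
$SuspectDescription = 'ssf'
$SuspectDir         = 'C:\ProgramData\Client'

function Get-Sha256Hex([string]$Path) {
    # Uses .NET directly so it also works on the PowerShell 2.0 shipped with Windows 7.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

function Get-DenyEntries([string]$Path) {
    # Deny entries win over Allow entries, which is why an administrator can still be refused.
    (Get-Acl -Path $Path -ErrorAction Stop).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights }
}

function Find-SuspectProcess {
    Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath } | ForEach-Object {
        $p    = $_                      # keep the process object; $_ is reused inside catch
        $path = $p.ExecutablePath
        $desc = ''
        try { $desc = "$([System.Diagnostics.FileVersionInfo]::GetVersionInfo($path).FileDescription)".Trim() } catch { }
        # Match on the file description or on the folder, since several files may be involved.
        if ($desc -eq $SuspectDescription -or $path -like "$SuspectDir\*") {
            try { $hash = Get-Sha256Hex $path } catch { $hash = "unreadable: $($_.Exception.Message)" }
            try { $deny = @(Get-DenyEntries $path) -join '; ' } catch { $deny = "unreadable: $($_.Exception.Message)" }
            New-Object PSObject -Property @{
                ProcessId       = $p.ProcessId
                ParentProcessId = $p.ParentProcessId
                Description     = $desc
                Path            = $path
                CommandLine     = $p.CommandLine
                Sha256          = $hash
                DenyEntries     = $deny
            }
        }
    }
}

Find-SuspectProcess |
    Format-List ProcessId, ParentProcessId, Description, Path, CommandLine, Sha256, DenyEntries
```

The ParentProcessId and CommandLine columns show which process relaunches the others and with what arguments, and the SHA-256 value lets the file be looked up or reported without passing the executable around.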