Homi writes, I get a warning notice when I fire up my PC. My OS is Windows XP Professional saying my “SVOhost.exe” is not there. On looking for it I have found out that it has been deleted by my anti spyware because it was infected with a virus. What is SVOhost.exe and do I have to reinstall it and from where and/or how?

Removing svohost.exe from your system was the correct thing to do.

SVOhost.exe is associated with the Backdoor.Nibu.G virus, which attempts to steal password and bank account information. While antivirus software seems to have no problem catching this infected file, it doesn’t always clean up the mess left behind. As with any virus removal, there is a common series of steps you need to follow to make sure your system remains clean. In the case of Backdoor.Nibu.G, there are a few additional things to do to return your system to “normal”.

Errors of this type are caused by invalid entries in the System.ini file. You can edit this file by opening Start > Run and typing edit SystemDrive:\Windows\system.ini where SystemDrive is replaced by C or D or whatever your system drive happens to be.

Look for a line like this in the system.ini file:
shell = explorer.exe %System%\svohost.exe

Screen showing shell editing

Delete everything after explorer.exe. Save the system.ini file. Next time you reboot you should no longer get the error message.

At this point take steps to make sure you are completely virus free.
Since you are running Windows XP, before removing a virus, make sure you disable System Restore from the System Restore tab of System Properties.

System Properties turn off system restore

Click Yes to confirm you want to turn off System Restore and then click OK. Doing this makes sure you don’t end up backing up a version of infected files to your System Restore partition.

Run your antivirus software to scan for possible infections.

Verify Backdoor.Nibu.G did not leave any hosts file entries behind by opening your hosts file in Notepad. The file is located at SystemDrive:\Windows\system32\drivers\etc
Right-click on hosts and choose Open with. Choose Notepad from the list. Delete any of the following entries found in the hosts file, as these prevent you from accessing antivirus software sites:
127.0.0.1 avp.com
127.0.0.1 ca.com
127.0.0.1 customer.symantec.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1 f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 mast.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 nai.com
127.0.0.1 networkassociates.com
127.0.0.1 rads.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 sophos.com
127.0.0.1 symantec.com
127.0.0.1 trendmicro.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 viruslist.com
127.0.0.1 www.avp.com
127.0.0.1 www.ca.com
127.0.0.1 www.f-secure.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.mcafee.com
127.0.0.1 www.my-etrust.com
127.0.0.1 www.nai.com
127.0.0.1 www.networkassociates.com
127.0.0.1 www.sophos.com
127.0.0.1 www.symantec.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.viruslist.com

After deleting these entries, save the hosts file.

Once you are sure there are no viruses on your system, reboot and then turn System Restore back on.
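The two manual checks above (the shell line in system.ini and the hosts entries) can also be scripted. The following Python sketch is an added example, not part of the original article; the function names, the sample inputs and the extra sinkhole addresses 0.0.0.0 and ::1 are assumptions, while the vendor domains are the ones in the list above.

```python
import re

# Registrable domains of the vendors that appear in the hosts list above.
VENDOR_DOMAINS = {
    "avp.com", "ca.com", "symantec.com", "symantecliveupdate.com",
    "mcafee.com", "f-secure.com", "kaspersky.com", "my-etrust.com", "nai.com",
    "networkassociates.com", "sophos.com", "trendmicro.com", "viruslist.com",
}
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}  # page shows 127.0.0.1; others assumed


def suspicious_hosts_entries(text):
    """Return (line_no, address, hostname) for vendor names mapped to a sinkhole."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue
        for host in fields[1:]:  # one hosts line may carry several names
            name = host.lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in VENDOR_DOMAINS):
                hits.append((line_no, fields[0], name))
    return hits


def extra_shell_programs(ini_text):
    """Return whatever the shell= line of system.ini holds besides explorer.exe."""
    for raw in ini_text.splitlines():
        m = re.match(r"\s*shell\s*=\s*(.*)", raw, re.IGNORECASE)
        if m:
            parts = m.group(1).split()
            return parts[1:] if parts and parts[0].lower() == "explorer.exe" else parts
    return []


# Constructed sample inputs, not taken from a real machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1 liveupdate.symantec.com   # update server redirected
127.0.0.1 www.sophos.com sophos.com
10.0.0.5  fileserver
127.0.0.1 notmcafee.com
"""
SAMPLE_INI = "[boot]\nshell = explorer.exe %System%\\svohost.exe\n"

if __name__ == "__main__":
    for hit in suspicious_hosts_entries(SAMPLE_HOSTS):
        print("hosts line %d: %s -> %s" % hit)
    print("extra shell entries:", extra_shell_programs(SAMPLE_INI))
```

To audit a real machine, pass the contents of the hosts file and system.ini to the two functions instead of the samples; the script only reports and leaves the edits to you.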

