[BigSi79]

Afternoon All,

The aforementioned virus/malware/problem will not disappear. MBAM picks it up everytime, two copies of it to be precise. The information it lists is as follows:

Number 1.

Hijack.WindowsUpdate / Registry Data / HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Data: %fystemRoot%\system32\svchost.exe -k netsvcs) / Ref #40656

Number 2.

Hijack.WindowsUpdate / Registry Data / HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Data: %fystemRoot%\system32\svchost.exe -k netsvcs) / Ref #97196

I've tried SmitFraudFix in safe mode, MBAM in safe mode, I regularly run Ad-Aware, filehippo.com, SpywareGuard, Spyware Blaster...and err, that's about it! I work for a relatively large company and the HQ IT guys can't seem to get rid of it either!

Thanks guys, any help would be tip top; if I can give any more info do let me know.

Oh, running XP, laptop is a Bony Vaio VGN-SZ71WN.

Thanks,
Simon.

[Advertisements]

PROBLEM SOLVED!

A friendly IT guy went into 'regedit', changed permissions to allow changes on both 'BITS' & 'wuauserv'.

He did this after noticing the incorrect spelling in each path, '(Data: %fystemRoot%\system32\svchost.exe -k netsvcs)'. (Note the f, not S in 'System')

Used the Modify option to change the 'f' from within '%fystemRoot%' to an 'S' to become '&SystemRoot%' on both. Rescanned using MBAM again and all is well.

Thanks guys.

[BigSi79]

PROBLEM SOLVED!

A friendly IT guy went into 'regedit', changed permissions to allow changes on both 'BITS' & 'wuauserv'.

He did this after noticing the incorrect spelling in each path, '(Data: %fystemRoot%\system32\svchost.exe -k netsvcs)'. (Note the f, not S in 'System')

Used the Modify option to change the 'f' from within '%fystemRoot%' to an 'S' to become '&SystemRoot%' on both. Rescanned using MBAM again and all is well.

Thanks guys.