Well, please move this if it isn't in the right spot. Anyways...
I've got a totally pain in the dewlap Virus that appeared out of nowhere. The only places I've been have been the Disco forums, Wikipedia, the JG forums, and *cough* Facebook. Same routine.
It attatches itself to an 'svchost' process and takes up 100% of my system memory usage. If you end the process, all of your sound gets shot, internet explorer is missing a few taskbars (like the tabs) but the computer runs smoothly. I've run Stinger, CA Security checks, and Trend Online House Call thing and haven't found anything.
Oh, and I had to transfer a hard copy of Stinger because when I tried to get it from download.com it stopped mid-download and gave me a:
"Download interrupted - Connection to server has been reestablished, closing application"
Any ideas, please? This is really annoying because I like my sound... And my bars... And everything else that gets killed when you end svchost.
If you already know the module that is being loaded into the Service Host, you can use any decent process viewer to terminate such, Process Explorer is a good example. This means that you can remove the injection without having to close the process itself. Naturally, it depends on the malware itself as to what can or can't be done, for example it may simply reinject as soon as you remove it and will most likely be present upon every reboot.
I recommend you take some time to review CastleCops' Malware Removal Procedure in order to remedy your problem.
Quote:The file has been renamed to circumvent anti-stinger tactics used by Sober.r
I wouldn't be at all surprised if Sober.r is your foe. Try downloading Stinger from here.
![[Image: DBoy-Blue-Copy3.png]](http://i79.photobucket.com/albums/j130/dboy1612/DBoy-Blue-Copy3.png)
