i was scanning my computer with ClamWin and then it detected some viruses (amvo.dll being the latest ) . It says that it cannot delete the file? why is that?? I use avast along with ClamWin. I prefer ClamWin anytime cause avast sometimes is irritating to handle. but avast detects some viruses that ClamWin doesnt. I keep ClamWin updated at all times. still i dont know why such problem exists. Please suggest?

The file might be locked by a running program. Post the ClamWin log here, we'll be able to tell you more after that.

ok. heres the log:



Scan Started Sat Feb 23 00:02:25 2008

-------------------------------------------------------------------------------



WARNING: \\?\I:\scvhost.exe: Can't remove



I:\scvhost.exe: W32.Autoit.Obfus FOUND

----------- SCAN SUMMARY -----------

Known viruses: 213479

Engine version: 0.92

Scanned directories: 13

Scanned files: 56

Skipped non-executable files: 0

Infected files: 1



Not removed: 1

Data scanned: 10.96 MB

Time: 42.078 sec (0 m 42 s)

--------------------------------------

Completed

--------------------------------------

I have an unblocker program Unlocker Assistant. I am logged in as an administrator. so what should i do? i get this problem quite often.

I had the same problem with amwo.dll file which is present in the system32 folder alongwith amwo.exe, amvo0.exe, and i think amvo1.exe. Clamwin detected it but couldnt remove it. i used another hijacker program to remove the virus. but still facing problems. Clamwin is not detecting anything. but infection still exists cause i cant see my hidden files and cant open my C:\ properly. any suggestions?

Have you previously used Norton Antivirus? Take a look at this post:

https://forums.techguy.org/windows-nt-2000-xp/571786-scvhost-exe.html

In case that doesn't apply to your situation, here's some more info:

https://www.delphifaq.com/faq/spyware_virus/f884.shtml

Windows svchost.exe is a valid Windows file, and you can have several of them running at the same time (I've got 5 of them running now on my computer according to Task Manager). Some malware writers name their stuff sort of similar so you will think the file is okay--that's why scvhost.exe instead of the real svchost.exe. It's definitely malware. Always try a scan in Windows Safe Mode if you suspect malware. If that doesn't work, download Norman Malware Cleaner and run it in Safe Mode. If that doesn't work for you, download a a good antimalware/antitrojan program (Asquared free is antimalware and Prevx is a good commercial one). They are better equipped than many antivirus programs to spot/get rid of tough malware.

If that does't work, ask for help at:

A-Squared (Emsisoft) (with initial self help) at https://forum.emsisoft.com/Default.aspx?g=topics&f=38
Castle Cops (with initial self help) at https://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
Malwareteks (same personnel at Emsisoft) (with initial self help) at https://www.malwareteks.com/forum.html
Spyware Warrior has free help and a list of rogue antispyware products at https://www.spywarewarrior.com/index.php

Regards,

hey,

thanks. I used trojan hunter. It has removed most of the viruses... But i think that the viruses have modified my registry permanently... is there any software foe repairing the registry entries??

hey,

thanks a lot!! I used trojan hunter. It has removed most of the viruses... But i think that the viruses have modified my registry permanently... is there any software foe repairing the registry entries??

ok. heres the log:



Scan Started Sat Feb 23 00:02:25 2008

-------------------------------------------------------------------------------



WARNING: \\?\I:\scvhost.exe: Can't remove



I:\scvhost.exe: W32.Autoit.Obfus FOUND

----------- SCAN SUMMARY -----------

Known viruses: 213479

Engine version: 0.92

Scanned directories: 13

Scanned files: 56

Skipped non-executable files: 0

Infected files: 1



Not removed: 1

Data scanned: 10.96 MB

Time: 42.078 sec (0 m 42 s)

--------------------------------------

Completed

--------------------------------------

I have an unblocker program Unlocker Assistant. I am logged in as an administrator. so what should i do? i get this problem quite often. Someone suggested i use some other softwares for the removal.... But can Clamwin fix it instead i using some other software??

Make sure that one infected file is really infected and not a false positive. Upload a copy of it to Jotti at https://virusscan.jotti.org/ on the Web and see what 20 or so virus scanners say about it, including Clam. If at least four of them say it is infected, it probably is, so you should try to unlock and then delete it. Replace/reinstall if it is infected. If it's a false positive, tell the Clam team about it at https://www.clamav.org/sendvirus/ on the Web.

ClamWin only spots viruses--it can't repair any damage done by malware. All it can do is Report/Remove/Quarantine as you have it configured. It is becoming difficult for ANY antivirus to completely repair malware damage. If you suspect registry damage, you might use System Restore (be careful you don't restore the malware, however), run a complete scan with the Microsoft Live One Care Scanner online, and/or do a reinstall of Windows.

Regards,