Saturday, February 12, 2005

Today I'm going to post the virus fix that I used on my computer. As I said in my last post, I had come to a stalemate in my efforts; at the moment, it seems as though the virus is removed. The evidence: I've booted into Windows without a single problem for the first time in a week. I've also managed to run for as much as 5 hours without a single peep from AVG or MAS, another landmark.

The primary culprits appear to be horseserver.com and klikfeed.com, at least in reference to a lot of the IE problems. I've read a lot of posts online in reference to the virus I had, and most of them seem to offer only half fixes, or at least they did in my case. The solution I'll be detailing is a mix of a lot of fixes found on boards around the net, as well as a few of my own discoveries. I've heard that Symantec has recently posted an alert about a virus named HaxDoor that shows a lot of the symptoms I'd been having; HaxDoor already comes in various strains as well.

Onto the fix.

- First, be sure to use a reliable virus scanner with the latest definitions downloaded. As well, make use of spyware removal programs such as Microsoft AntiSpyware, Ad-Aware, SpyBot S&D, and/or HijackThis. Update as necessary. Finally, head to Windows Update and make sure you have all the latest security updates.
- Boot into safe mode.
- Turn off System Restore.
- Open Explorer, go to C:\Documents & Settings\(Your User Name)\Local Settings. Completely empty out both the Temp and Temporary Internet Files folders.
- Next, go to C:\Windows\System32 and search out and delete the following files:
  - a.bat
  - SVPHOST.exe
  - klo5.sys
  - Klogini.dll
  - mszx23.exe
  - tempf00/01/02
  - drct16.dll (This one wouldn't delete, so I changed the name to xxx.yyy)
  - p2.ini
  - vdnt32.sys
  - i.a3d
- In the Start menu, hit Run, and type in Regedit. In HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE, search out and delete any instances of the above file references. The easiest way is to right click, hit Find, and type in the name. I found and deleted at least a dozen references to SVPHOST.
- Close Regedit. RUN ALL SCANS, multiple times if need be.
- As an added precaution, run msconfig and be sure to uncheck any suspicious startup items. SVPHOST was in my list. Happily, it is now gone :).
- Reboot into normal mode.
- Run scans again - hope for the best! :)
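As an added example (my own script, not part of the original post), here is a small Python triage script that automates the "look before you delete" half of the steps above: it checks C:\Windows\System32 for the file names listed in the post and, on Windows, reads the HKCU/HKLM Run and RunOnce keys to report any startup entry whose data mentions one of those names. It only reports; removal is still a manual decision, exactly as the post has you do it in Explorer, Regedit and msconfig. The file names come from the post (I read "tempf00/01/02" as tempf00, tempf01 and tempf02); the Run key paths are standard Windows locations; the `SAMPLE_RUN_VALUES` entries are constructed sample data for demonstration only.

```python
import os
import sys
from typing import Dict, Iterable, List, Tuple

# File names the post lists under C:\Windows\System32 (indicators from the post).
# "tempf00/01/02" in the post is read here as three separate names.
INDICATOR_FILES = [
    "a.bat", "SVPHOST.exe", "klo5.sys", "Klogini.dll", "mszx23.exe",
    "tempf00", "tempf01", "tempf02", "drct16.dll", "p2.ini", "vdnt32.sys", "i.a3d",
]

# Standard Windows autostart keys (hive alias, subkey path); checked on Windows only.
RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]

# Constructed sample Run-key contents, used to demonstrate the matcher offline.
SAMPLE_RUN_VALUES = {
    "Svphost": r"C:\WINDOWS\System32\SVPHOST.exe",          # constructed: looks like the post's entry
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",         # constructed: benign-looking entry
}


def match_indicator_names(entries: Iterable[str], names: Iterable[str] = INDICATOR_FILES) -> List[str]:
    """Return the directory entries whose name matches an indicator, case-insensitively (NTFS is case-insensitive)."""
    wanted = {n.lower() for n in names}
    return sorted(e for e in entries if e.lower() in wanted)


def find_indicator_files(directory: str, names: Iterable[str] = INDICATOR_FILES) -> List[str]:
    """List indicator files present in `directory`; an unreadable or missing directory yields no hits."""
    try:
        return match_indicator_names(os.listdir(directory), names)
    except OSError:
        return []


def find_registry_references(values: Dict[str, str], names: Iterable[str] = INDICATOR_FILES) -> List[Tuple[str, str]]:
    """Given a Run key's value-name -> data mapping, return entries whose data mentions an indicator file name."""
    lowered = [n.lower() for n in names]
    hits = []
    for value_name, data in values.items():
        text = str(data).lower()
        if any(n in text for n in lowered):
            hits.append((value_name, str(data)))
    return hits


def read_run_keys() -> Dict[str, Dict[str, str]]:
    """Read the autostart keys in RUN_KEYS into {key path: {value name: data}}. Windows only."""
    import winreg  # standard library on Windows; imported lazily so the module loads elsewhere
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    result = {}
    for hive, path in RUN_KEYS:
        values = {}
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break  # no more values under this key
                    values[name] = str(data)
                    index += 1
        except OSError:
            continue  # key absent or not readable from this account
        result[hive + "\\" + path] = values
    return result


def main() -> None:
    system32 = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for name in find_indicator_files(system32):
        print("file present: " + os.path.join(system32, name))
    if sys.platform == "win32":
        for key_path, values in read_run_keys().items():
            for value_name, data in find_registry_references(values):
                print("startup entry " + key_path + "\\" + value_name + " -> " + data)
    else:
        print("registry check skipped: not running on Windows")
        for value_name, data in find_registry_references(SAMPLE_RUN_VALUES):
            print("sample startup entry " + value_name + " -> " + data)


if __name__ == "__main__":
    main()
```

Run it from safe mode as the same account you would use for Regedit; entries under HKLM may need an administrator account to read. Because the registry search matches on file name text rather than exact value names, it also catches the renamed-file trick from the post (drct16.dll renamed to xxx.yyy) only if the old name is still referenced somewhere, which is precisely the leftover you want to find before rebooting into normal mode.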

I hope this saves at least someone from the bouts of hairpulling I was forced to experience.
