How to Remove RVHOST.exe (HELP!!!)

C

chanchan05

New Member
My Hijackthis logfile shows this as my only problem, and i don't know how to remove it. Both Windows Defender and my antivirus program (BitDefender 2009) doesn't seem to have the ability to remove it. Not that its doing anything wrong to my computer's performance that I can notice, i just know that this is not a desirable process and I want to remove it. Problem is, I don't know how.
 
J

Jaack

New Member
Navigate to and delete the following files if they exist:
C:\WINDOWS\SYSTEM32\RVHOST.exe
c:\windows\rvhost.exe
%all drives%\new folder.exe
C:\Windows\Tasks\At1.job

Now open Notepad. In Notepad paste the lines below.

On Error Resume Next
Set shl = CreateObject("WScript.Shell")
Set fso = CreateObject("scripting.FileSystemObject...
shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Wi... entVersion\Policies\System\DisableRegist...
shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Wi... entVersion\Policies\System\DisableTaskMg...
shl.RegDelete


Save the file to somewhere convenient and name it as Enable.VBS . Double click Enable.VBS .

Now press Start > Run. Type in "regedit" (without the quotes).
double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Yahoo Messengger = "%System%\RVHOST.exe"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)

Still in Registry Editor, in the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>W...
CurrentVersion>Policies>Explorer
In the right panel, locate and delete the entry:
NofolderOptions = "1"

Still in Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>... NT>
CurrentVersion>Winlogon
In the right panel, locate the entry:
Shell = "Explorer.exe RVHOST.exe"
Right-click on the value name and choose Modify. Change the value data of this entry to:
Explorer.exe
In the right panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentContr...
Services>Schedule
In the right panel, locate the entry:
NextAtJobId = "2"
Right-click on the value name and choose Modify. Change the value data of this entry to:
1
Close Registry Editor.



Restart your computer.

or try this
http://www.askmehelpdesk.com/spyware-viruses-etc/how-remove-rvhost-exe-malware-71164.html
 
C

chanchan05

New Member
I encountered a problem

I encountered a problem removing it...following your instructions:

Now press Start > Run. Type in "regedit" (without the quotes).
double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Yahoo Messengger = "%System%\RVHOST.exe"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)
Click to expand...

There was no entry named %System%\RVHOST.exe in the regedit
regedit.jpg


This was what it looked like. I ran hijackthis again, the log on the notepad still detects the presence of RVHOST.exe.

Does me using Windows Vista have anything to do with it?

Also, note that the RVHOST.exe's existence is only shown in the notepad log, however whenever I try to look for it in the actual program log, it is not there
regedit2.jpg
 
Last edited:
You must log in or register to reply here.
Top