Jump to content

Remove Worm_Win32_Rebhip.A

Recommended Posts

Occasionally the MS_Security Essentials notice - at StartUp(sometimes) - says the severe threat of Worm_Win32_Rebhip.A needs to be removed. I approve.

Then I run Malwarebytes which finds 4+ threats & they are removed (??) and re-boot. Upon reBoot, I check and C:\Users\(me)\AppData\Roaming\install\svchost.exe is back.

Delete svchost.exe and it's back within seconds.

Where the @#^%$T%#)*&)(*&*&^% root cause of this little gem?

I found it when I noticed (few days ago) that the CPU was pegged at startup for about 5 minutes. I'd stop the process and Voila there it was again.

All help appreciated



Link to post
Share on other sites

Hello Repeat, and welcome to MalwareBytes forums.

I highly suggest you locate and secure any removable drives you have (thumb/pen/USB flash drives).

Those will have to be scanned later on.

Place your USB flash drives in-place so that some of these programs will be able to find them.

I'm going to have you get and run a utility that will write to any connected devices a Read-only, System protected Autorun.inf file on all of your hard drives, and all connected removable storage devices.

Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.


There is no GUI interface or log file produced.

The above is NOT the cure. It is just a band-aid for the moment.

See this Microsoft article just for background info, on Worm:Win32/Rebhip.A


Note that this infection can steal sensitive data.

Using another pc (not on this one) , change your passwords for any online accounts.

Meantime, do not use this pc for any money online transactions, no banking, and no surfing or game playing.

Only go to this forum and the websites that experts here guide you to.

Do NOT make any changes to the system on your own.

See and DO as much as you can of the following preliminaries http://forums.malwarebytes.org/index.php?showtopic=9573

Then reply to this topic with copy of contents of the latest MBAM scan log

the DDS.txt report

and the GMER log

Then await my reply.

P.S. Do NOT attach any reports. Always use Notepad to Copy all contents, then Paste into the main body of reply box here.

P.S.S. Your initial zip file either had nothing or got corrupted. Anyhow, do NOT attach logs or reports.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.