davsmaname,
I doubt this has anything to do with CCleaner. It undoubtedly occurred as a result of the trojan trying to "phone home" using your internet connection. There are three known Trojans that show up as "svehost.exe"
Unfortunately all are bad. One of them is called - W32/Rbot-GRW. Comes from chat channels.
----------------------------------------------------
These are very dangerous infections . They have "backdoor" capabilities.
They give remote intruders complete control of your computer, which can include logging key strokes, stealing information, etc.
You are strongly advised to do the following immediately:
Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
From a clean computer, change *ALL* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Because of the infection's backdoor functionality, the basic security of your PC is very likely compromised, and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned" and reconnected to the internet. (This infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).
If you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so. This is your choice to make.
To help you make a more informed decision, you can read the following articles:
Danger: Remote Access Trojans.
When should I re-format? How should I reinstall?
How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud?
Should you have any questions, please feel free to ask.
----------------------------------------------------
If you want me to attempt to clean your machine, proceed as follows.
(Since we don't know what the backdoor trojan actually did, there is no assurance that the machine can be cleaned at all, and we may fail)..
Initially, you will have to communicate from a clean machine that has ability to use flash drive or to burn a CD
From a Clean Machine, Download ComboFix
Download this file from either of the two sites below : http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe Save the download to the desktop, and copy the file to a flash drive, or burn it to a CD. Then Use the flash drive or CD and copy the file to the infected machine. Disconnect the infected machine from the Internet.
Then double click combofix.exe on the infected machine & follow the prompts. Note: DO NOT mouseclick Combofix's window while it's running. That may cause it to stall
When finished, it will produce a log for you, C:\ComboFix.txt. Post that log in your next reply You may have to copy the Combofix.txt file back to the flash drive and return it to the clean machine to post it here.
askey127
