How to Remove RVHOST.EXE malware?

Follow these steps to completely remove this worm:

1-Start>RUN

2-Write CMD

3-In CMD,write "Taskkill /T /IM "RVHOST.EXE"

Open a Notepad Start & go to;RUn

4-Write "NOtepad"

5-in notepad paste these lines below

On Error Resume Next

Set shl = CreateObject("WScript.Shell")

Set fso = CreateObject("scripting.FileSystemObject")

shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"

shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"shl.RegDelete

6- Save the notepad as "Enable.VBS" and the change the file type to "All"

7-Double click "Enable.VBS"

8-Now Start>Run. Write "Regedit" in it and press enter

9- Do the following changes in Registy

In the left panel, double-click the following:

HKEY_CURRENT_USER>Software>Microsoft>

Windows>CurrentVersion>Run

In the right panel, locate and delete the entry:

Yahoo Messengger = "%System%\RVHOST.exe"

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)-->

Removing Other Entry from the Registry

Still in Registry Editor, in the left panel, double-click the following:

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer

In the right panel, locate and delete the entry:

NofolderOptions = "1"

Restoring Modified Entries from the Registry

Still in Registry Editor, in the left panel, double-click the following:

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon

In the right panel, locate the entry:

Shell = "Explorer.exe RVHOST.exe"

Right-click on the value name and choose Modify. Change the value data of this entry to: "Explorer.exe"

In the right panel, double-click the following:

HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>Schedule

In the right panel, locate the entry:

NextAtJobId = "2"

Right-click on the value name and choose Modify. Change the value data of this entry to: "1"

Close Registry Editor.

Deleting the Malware File(s)

Right-click Start then click Search... or Find..., depending on the version of

Windows you are running.

In the Named input box, type:

AT1.JOB

In the Look In drop-down list, select My Computer, and then press Enter.

Once located, select the file then press SHIFT+DELETE.

Note: AT1.JOB is a Scheduled Task so you can find this in C:\WINDOWS