How to Remove RVHOST.EXE malware?

Follow these steps to completely remove this worm:

1-Start>RUN

2-Write CMD

3-In CMD,write "Taskkill /T /IM "RVHOST.EXE"

Open a Notepad Start & go to;RUn

4-Write "NOtepad"

5-in notepad paste these lines below

On Error Resume Next

Set shl = CreateObject("WScript.Shell")

Set fso = CreateObject("scripting.FileSystemObject")

shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"

shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"shl.RegDelete

6- Save the notepad as "Enable.VBS" and the change the file type to "All"

7-Double click "Enable.VBS"

8-Now Start>Run. Write "Regedit" in it and press enter

9- Do the following changes in Registy

In the left panel, double-click the following:

HKEY_CURRENT_USER>Software>Microsoft>

Windows>CurrentVersion>Run

In the right panel, locate and delete the entry:

Yahoo Messengger = "%System%\RVHOST.exe"

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)-->

Removing Other Entry from the Registry

Still in Registry Editor, in the left panel, double-click the following:

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer

In the right panel, locate and delete the entry:

NofolderOptions = "1"

Restoring Modified Entries from the Registry

Still in Registry Editor, in the left panel, double-click the following:

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon

In the right panel, locate the entry:

Shell = "Explorer.exe RVHOST.exe"

Right-click on the value name and choose Modify. Change the value data of this entry to: "Explorer.exe"

In the right panel, double-click the following:

HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>Schedule

In the right panel, locate the entry:

NextAtJobId = "2"

Right-click on the value name and choose Modify. Change the value data of this entry to: "1"

Close Registry Editor.

Deleting the Malware File(s)

Right-click Start then click Search... or Find..., depending on the version of

Windows you are running.

In the Named input box, type:

AT1.JOB

In the Look In drop-down list, select My Computer, and then press Enter.

Once located, select the file then press SHIFT+DELETE.

Note: AT1.JOB is a Scheduled Task so you can find this in C:\WINDOWS

Print Spooler Service

You get the following error when you try to install a Printer in Windows.

"Operation could not be completed. The print spooler service is not running."

1. Press Window key + R to open the Run dialog Start and type services.msc and click OK.
2. Double-click the Printer Spooler service, and then change the start up type to Automatic. This sets the Spooler service to start automatically when you restart the computer. Click OK.
3. Restart the computer and try to install the printer again.

If that doesn't work, the problem could be related to corrupted printer drivers that are installed on the computer. Try uninstalling all printer software from the computer and start from scratch. This may include PDF writer or faxing software as well. Anything listed in the Control Panel under Printers & Faxes I would do away with. If there is any software installed for other printers in Add/Remove Programs I would uninstall it all. Clean out everything possible that might be hanging the Printer Spooler service. Obtain updated software from your printer manufacturers and reinstall only the items you need.