Malwarebytes

Pkosiarek

Member Since 04 Aug 2012
Offline Last Active Aug 05 2012 11:39 AM
-----

syshost.exe appears in my scans

05 August 2012 - 09:33 AM

I have the syshost.exe trojan on my laptop. It will not delete when I run Malwarebytes. It just says Operation Failed, error 2. This is what shows up when I run the Malwarebytes system:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.04.10
Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
rickkosiarek :: RICKKOSIAREK-PC [administrator]
8/4/2012 11:24:53 PM
mbam-log-2012-08-04 (23-32-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233901
Time elapsed: 5 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
c:\windows\syshost.exe (Trojan.Downloader) -> No action taken.
c:\users\administrator\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\users\annika and nadia\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\users\rickkosiarek\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\temp\syshost.exe (Spyware.Agent) -> No action taken.
(end)


This is what shows up in my RK report (which explains why Google.com does not work).


RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<AT>gmail<DOT>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User: rickkosiarek [Admin rights]
Mode: Scan -- Date: 08/04/2012 22:59:15
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
94.63.240.127 www.google.com
94.63.240.128 www.bing.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 ATA Device +++++
--- User ---
[MBR] 220d2478ab2d438210c114f0a6e51a33
[BSP] 00953608a28c829f592748e42bd952be : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

google and bing do not work

04 August 2012 - 11:35 PM

I have run my Malwarebytes. When I try to delete these infected files and reboot, nothing happens and I get this message: "operation fails, error code 2".

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.04.10
Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
rickkosiarek :: RICKKOSIAREK-PC [administrator]
8/4/2012 11:24:53 PM
mbam-log-2012-08-04 (23-32-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233901
Time elapsed: 5 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
c:\windows\syshost.exe (Trojan.Downloader) -> No action taken.
c:\users\administrator\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\users\annika and nadia\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\users\rickkosiarek\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\temp\syshost.exe (Spyware.Agent) -> No action taken.
(end)




I did run the RogueKiller and this is what shows up (below). What is the next step to fixing my computer?


RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User: rickkosiarek [Admin rights]
Mode: Scan -- Date: 08/04/2012 22:59:15
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
94.63.240.127 www.google.com
94.63.240.128 www.bing.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 ATA Device +++++
--- User ---
[MBR] 220d2478ab2d438210c114f0a6e51a33
[BSP] 00953608a28c829f592748e42bd952be : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt


Can you PLEASE help and walk me through this?
