Mobius1
Posts posted by Mobius1
-
-
It was running OK before; I was just getting a lot of warnings from AVG about services.exe and svchost.exe.
-
Results of MBAM quick scan:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.25.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Karl :: SKYNET [administrator]
25/06/2012 19:14:28
mbam-log-2012-06-25 (19-14-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241772
Time elapsed: 2 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Combofix log has been attached to the post.
The dodgy services.exe seems to have been disinfected, thank you very much for your help.
-
I forgot to mention I was getting these warnings at least 3-4 times per day. Then I ran MBAM in safe mode on the 22nd, when it detected a virus and removed it. I had no more warnings until today.
The TDSSKiller log was quite long so I attached it to the post.
-
I keep getting alerts from my AV software that svchost is infected, but it's being whitelisted due to it being an important program.

If I initiate a full scan with either AVG Internet Security 2012 or MBAM, nothing is detected. However, RogueKiller detects and kills svchost straight away:
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Karl [Admin rights]
Mode: Scan -- Date: 06/25/2012 16:14:47
¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]
¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] Auto Shutdown.job @ : C:\Users\Karl\Desktop\Shutdown\shutdown.bat -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAJS-22L7A0 ATA Device +++++
--- User ---
[MBR] fbe83546a64a37c104fc57317a29c71e
[BSP] 9eed83032f48d1b76aa5d806c2826872 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19458048 | Size: 1500 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22530048 | Size: 294243 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD3200AAKS-00L9A0 ATA Device +++++
--- User ---
[MBR] 155977d67c2e8bc1b3e7dee72939ab9a
[BSP] 644a408825f648ea944c14be05f5437d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: WDC WD10EALS-00Z8A0 ATA Device +++++
--- User ---
[MBR] ead02e815fe862833f63fb0d47b5386a
[BSP] 819440fad9918def8ddb6aaa2d6eb141 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Problem with SVCHOST
in Resolved Malware Removal Logs
Thanks very much for all your help. Much appreciated!
I've left a comment on your profile feed