Jump to content

Search the Community

Showing results for tags 'svchost.exe'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 13 results

  1. A few days ago I restarted my computer before a long time without re-starting it (like 1 week with the pc on) and I noticed that "Explorer.exe" was requesting to initialize, but the real explorer.exe task was already running... I said no but then I checked the directory of the file and the system said that the file was on %windir%/resources/themes, well going into folder to check if the file exists I noticed that theres nothing more than aero themes in this folder. So did a scan in the folder using malwarebytes and it recognized svchost.exe malware and explorer.exe, before adding they do quarentine I wanted to check why the files didnt apeared, so I enabled "show hidden folders" in explorer (the real one, from microsoft) and it changed nothing, well, so I tried to open the archive by going with %windir%/resources/themes/explorer.exe in the explorer path, it worked, but I still uncapable of seeing this file... So I started CMD as admin and did " cd " to %windir%/resources/themes and did " dir " inside the folder, as I expected the dir shows the same as explorer, but appeared 2 new items that the was named as " . " and " .. " I deleted both sucessfully. Searching for this in internet I found that there's an other way to hide files in windows, that was adding them to" important system files or protected system files" list, and following the instructions to disable this privilege, I finally could see the archives, well, I added them to the quarentine list and continued using my computer since yesterday that I realized that everytime malwarebytes send two addwares to quarentine (I left the results of scan in the post as "Annoying addware.txt") they come back right after I finish the task... When trying to solve these issues I realized many things... 1- I cant use commands as DISM, sfc /scannow, windows update, windows defender( I will let write happens when i try to use them bellow this part) , net start/stop wuauserv (the wuauserv service doesnt even exists in registry, I didnt checked windows defender one...) 2- there was a folder called QEMU hidden with the "important system files" method, I deleted all content Inside and then deleted the folder after taking out the folder privilegies 3- Theres two "program" files in "Inicialize" section of task manager wich I cant go to proprieties ( I dropped the print down on anexed files named as "Program" unknow files) When I try to use with /checkhealth everything go fine, but when I try to use dism with /restorehealth it stops at 87,5% and gives an error 1060 messages saying " the specified service does not exist as an installed service " ( I left the DISM log file right bellow named as DISM.txt ) When I try to use sfc /scannow it says that cannot fix all issues When i try to use windows update it says that my organizations disable windows updates ( ? ) When I try windows defender it just goes black screen on the window Well, it would be great if someone could help me, I dont really want to re-install windows... I would take a month to setup my pc again Also, I run Windows 10 Pro 64bits, version 1809... dism.log Annoying Adware.txt Rkill.txt FRST.txt Addition.txt
  2. I recently had gotten a lot of malware onto my PC. I cleared most of it using Malwarebytes, Hitman and other antivirus software. I however, still have some issues. svchost.exe now consumes more than 50% of my CPU usage and I get these notifications from Malwarebytes that I have attached to this post. I have heard that information from my PC could be getting leaked/stolen. Help would be much appreciated! Thank you.
  3. So ive got this issue where, everytime i open my league of legends client, its suddenly crash and detects the svchost.exe as a mawalre, even tho i delete it many times it just restore automatically. thanks in advance
  4. Receiving a constant stream of popups from Malwarebytes about a riskware website being blocked. There is no domain given, and it continues even if I am not accessing my browser. It is referencing System32\svchost.exe. This file also exists in SysWOW64 once and WinSxS twice. The IP address is 123.123.123.123. A malwarebytes scan does not find anything, and I've run adwcleaner. I've uploaded an export of one of the event logs, and I can upload whatever other log data is needed. Would like help in identifying if this is a stream of false positives, or if some other malicious file is causing the popups. Thank you. report_log.txt
  5. I found my problem quite similar to another question on the forum. A blank process in task manager made my computer in high CPU usage (up to 100%). I have used Malwarebytes and AdwCleaner, but neither of them were successful. Addition.txt FRST.txt Malwarebytes.txt
  6. Hello, I'm new to the forum, but already had Malwarebytes Premium (and thank God for that!). Here's my sad story. My Windows 7 Professional 64-bit computer had been connected to a LinkSys AC1200+ wireless router, which was connected to a 3com OfficeConnect hub/switch, which was connected via the uplink to a gateway provided by TimeWarner/Spectrum Business Class. But the other night, the hub/switch failed, and I couldn't get on the Internet. For a while, I connected the computer directly to the gateway, via one of its four ports on the back. (I reconfigured the computer's IP and DNS to a fixed IP address.) It probably was this way for less than a day. I suddenly noticed, though, some strange things: (*) McAfee LiveSafe (which I had in addition to Malwarebytes Anti-Malware Premium, because it came with the computer) was trying to register new. It appears that something took it out. (*) I started getting messages, seemingly one every 5 to 10 minutes, from the real-time protection from Malwarebytes that it was blocking various attacks. I then realized that being connected directly to a port on the "Wild Internet" was really dangerous. So I pulled the plug. At this point, my Wifi finally came alive (honestly, I had never figured out how to force it to do that when connected via Ethernet, but the cable being plugged in seems to have prevented that---I never thought of that!). I'm now connected through the LinkSys AC 1200+ wireless router. The Wireless connection is configured for DHCP, so I should be safe from picking up any new infections?? (At least, that's the way it was before. The LinkSys wireless router is sitting on the Wild Internet, but it is password protected with a good strong password---NOT admin!) I have been alarmed at some of the threats that have been blocked, as they are outbound attempts to connect to a site in Russia at a single IP address, attempting the connection through many different obscure port numbers. The site's two variations are either wmi(dot)my0115(dot)ru or down(dot)my0115(dot)ru and the IP address is 78(dot)142(dot)29(dot)114. There seem to be three executablea that were blocked from connecting, one classified as RiskWare, and the others as Unspecified. The RiskWare is coming from C:\Windows\System32\lsass.exe. The Unspecified are the following: C:\Windows\System32\wbem\scrcons.exe and C:\Windows\System32\svchost.exe. The odd thing is that my Malwarebytes Anti-Malware Premium scan comes up clean, even though I'm still getting messages every so often that another attempt has been blocked! Does this indicate that something is masquerading as a system (whitelisted) program?? (If this is the case, then would running a threat scan in safe mode pick it up?) Here are some miscellaneous things that may be additional infections or part of the same: (*) There were two files that were caught and quarantined: 1) First was "Backdoor Zegost" at C:\adg.exe; 2) Second was "RansomWannaCrypt" at C:\Windows\mssecsvc.exe" Microsoft Security Center says that this file should not be allowed to run, associated with ransomware I think. (*) While backing up some files to DVD-ROM, I noted an odd file in the Documents directory. It is called adxloader.log, and when I opened it with Notepad, it looks as though it was loading things into the Registry maybe. Since I noticed it, it had been modified to a later date, but maybe this happened as a result of opening the file with Notepad. Maybe it's something legit, but I don't recall ever seeing it before. And the stuff inside it looks pretty malicious if it isn't something legit. (*) There is one other thing---maybe it's normal, or maybe not. When I went to try to retrieve the log file from Malwarebytes Threat scan the Documents and Settings folder shows with a padlock icon over it, and says "Access Denied" when I click on it, EVEN WHEN RUNNING WINDOWS EXPLORER AS ADMIN. Is this normal? Maybe this is for safety?? I was able to view the required logs and save them elsewhere, so not critical, but thought I'd ask. I will attach the following files to this post: 1) The MalwareBytes Threat Scan Log (which found nothing), which I called MalwareBytesThreatScanLog.txt; 2) The FRST scan log, FRST.txt; 3) the Addition.txt log; 3) Samples of the MalwareBytes blocked threat reports from the Russian site: They are called MalwarebytesBlocked_1.txt, MalwarebytesBlocked_2, MalwarebytesBlocked_3, MalwarebytesBlocked_4 and MalwarebytesBlocked_5; 4) the adxloader.log file, re-saved as a text file. I think that's all. Let me know if you need something else. My Windows updates are really out of date, sad to say. The updates got stuck at some point, and HP "Smart Friend" deleted a bunch of stuff, including Malwarebytes Anti-Exploit Premium, and really screwed everything up. They wiped out all of the pending updates. But I've been very ill and haven't had the energy to deal with it. I do have a backup I made when I got Acronis Backup, when the system was fairly new. And of course there faling back to a configuration from a few days ago before the hub started failing is an option. I keep all of my important files on a portable drive, though. I won't do anything at all, such as put in the replacement hub I just got through the mail today, until given the okay. I especially won't restore my direct wired connection yet, as this would require reconfiguring my LAN connection, and I don't want to make anything worse. Thanks for your help. MalwareBytesThreatScanLog.txt FRST.txt Addition.txt MalwarebytesBlocked_1.txt MalwarebytesBlocked_2.txt MalwarebytesBlocked_3.txt MalwarebytesBlocked_4.txt MalwarebytesBlocked_5.txt adxloader.txt
  7. Sometimes your program shows me the notification a connection is was blocked by it. The program spams the notification. If It starts, It would not stop for a period of some minutes. I have tried to look at your log files and detect the process what does this. Unfortunately, the program doesn't report process's Id, only the Process's file, which is, in my case, svchost.exe Please help me remove this spyware (I pretty sure it is a spyware). Thanks in Advance, Mizaro
  8. I had this issue 2 or 3 weeks ago. Malwarebytes constantly popups blocking a few different (what appears to be) adware issues, such as drivethelife and onclickads. There's a 3rd one that shows up sometimes but much more rarely. My Avast antivirus couldn't find any issues, and running a scan on my lifetime license MWB gives a message that there are no threats found. I have a temporary license on HitManPro and it seems to find tracking cookies but nothing to do with adware (from what I can tell). I uninstalled Malwarebytes and reinstalled it but lost my license key for about 10 days. During this time, I had no popups about these infections. I restored the key yesterday and started getting these constant annoying popups. I verified my installed programs and see nothing that seems related. All installed programs are normal Microsoft and other regular updates to my apps. I see nothing that seems related in my running processes, either. So how do I get rid of these popups? If there really is an infection (despite Malwarebytes telling me there isn't one), how do I get rid of it? Please help ASAP. I can't focus on my work with these popups annoying me constantly.
  9. Hi, I recently downloaded some harmful software and after using Malwarebytes I removed the majority of it. I have already performed multiple Threat scans using Malware bytes, the first of them removing a large number of malware and other PUPs. However, on startup I get the CMD prompt popping up saying that it's trying to download something similar to the image below. Every 3 hours I got the CMD popping up again. Along with this, Malwarebytes consistently blocks (thankfully) an outward connection(using svchost.exe) as shown in the outward report log. I have attached the necessary text files. I desperately need your help as I have tried almost everything and this is taking a toll on my mental health. Thank you in advance, I have seen that you help other people with very similar/ almost identical issues even today. Malwarebytes Scan.txt Outer Block.txt
  10. Hello. Blocks this file C: \ Windows \ System32 \ svchost.exe Although I have it in the system and no. It turns out that the false alarm triggers. Malwarebytes www.malwarebytes.com -The data of the journal- Date of security event: 07.12.17 Protection Event Time: 10:53 Log file: 1d419714-db2c-11e7-b7e3-dc85de773e48.json Administrator: Yes -Information about PO- Version: 3.2.2.2029 Version of components: 1.0.212 Service pack version: 1.0.3431 License: Premium version -Information about the system- OS: Windows 10 (Build 10240.16384) Processor: x64 File system: NTFS User: System -Information about a blocked website- Malicious Web site: 1 ,, Blocked, [-1], [-1], 0.0.0 -Information about the website- Domain: IP Address: 255.255.255.255 Port: [68] Type: Outbound traffic File: C: \ Windows \ System32 \ svchost.exe (end) mb-check-results.zip
  11. Hello. Blocks this file C: \ Windows \ System32 \ svchost.exe Although I have it in the system and no. It turns out that the false alarm triggers. Malwarebytes www.malwarebytes.com -The data of the journal- Date of security event: 07.12.17 Protection Event Time: 10:53 Log file: 1d419714-db2c-11e7-b7e3-dc85de773e48.json Administrator: Yes -Information about PO- Version: 3.2.2.2029 Version of components: 1.0.212 Service pack version: 1.0.3431 License: Premium version -Information about the system- OS: Windows 10 (Build 10240.16384) Processor: x64 File system: NTFS User: System -Information about a blocked website- Malicious Web site: 1 ,, Blocked, [-1], [-1], 0.0.0 -Information about the website- Domain: IP Address: 255.255.255.255 Port: [68] Type: Outbound traffic File: C: \ Windows \ System32 \ svchost.exe (end)
  12. I have been getting svchost.exe being blocked by MB for about a week or so, was on vacation so did not have time to deal with until now. Attached are the files from the scans as per the instructions. Please advise... FRST.txt Addition.txt MB Scan.txt
  13. I think MBAM just got me a false positive result.After a threat scan it found that the registry \HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Windows Update with data on C:\Users\wcwra\AppData\Local\Microsoft Windows|svchost.exe is a backdoor.bot,I went to the folder and it was empty,just a svchost.exe.config. backdoor.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.