
Showing results for tags 'svchost.exe'.



Found 13 results

  1. So I've got this issue where, every time I open my League of Legends client, it suddenly crashes and detects the svchost.exe as malware. Even though I delete it many times, it just restores automatically. Thanks in advance.
  2. Receiving a constant stream of popups from Malwarebytes about a riskware website being blocked. There is no domain given, and it continues even if I am not accessing my browser. It is referencing System32\svchost.exe. This file also exists in SysWOW64 once and WinSxS twice. The IP address is 123.123.123.123. A Malwarebytes scan does not find anything, and I've run AdwCleaner. I've uploaded an export of one of the event logs, and I can upload whatever other log data is needed. Would like help in identifying if this is a stream of false positives, or if some other malicious file is causing the popups. Thank you. report_log.txt
  3. I found my problem quite similar to another question on the forum. A blank process in Task Manager put my computer at high CPU usage (up to 100%). I have used Malwarebytes and AdwCleaner, but neither of them was successful. Addition.txt FRST.txt Malwarebytes.txt
  4. Hello, I'm new to the forum, but already had Malwarebytes Premium (and thank God for that!). Here's my sad story. My Windows 7 Professional 64-bit computer had been connected to a LinkSys AC1200+ wireless router, which was connected to a 3com OfficeConnect hub/switch, which was connected via the uplink to a gateway provided by TimeWarner/Spectrum Business Class. But the other night, the hub/switch failed, and I couldn't get on the Internet. For a while, I connected the computer directly to the gateway, via one of its four ports on the back. (I reconfigured the computer's IP and DNS to a fixed IP address.) It probably was this way for less than a day. I suddenly noticed, though, some strange things: (*) McAfee LiveSafe (which I had in addition to Malwarebytes Anti-Malware Premium, because it came with the computer) was trying to register new. It appears that something took it out. (*) I started getting messages, seemingly one every 5 to 10 minutes, from the real-time protection from Malwarebytes that it was blocking various attacks. I then realized that being connected directly to a port on the "Wild Internet" was really dangerous. So I pulled the plug. At this point, my Wifi finally came alive (honestly, I had never figured out how to force it to do that when connected via Ethernet, but the cable being plugged in seems to have prevented that---I never thought of that!). I'm now connected through the LinkSys AC 1200+ wireless router. The Wireless connection is configured for DHCP, so I should be safe from picking up any new infections?? (At least, that's the way it was before. The LinkSys wireless router is sitting on the Wild Internet, but it is password protected with a good strong password---NOT admin!) I have been alarmed at some of the threats that have been blocked, as they are outbound attempts to connect to a site in Russia at a single IP address, attempting the connection through many different obscure port numbers. 
The site's two variations are either wmi(dot)my0115(dot)ru or down(dot)my0115(dot)ru and the IP address is 78(dot)142(dot)29(dot)114. There seem to be three executables that were blocked from connecting, one classified as RiskWare, and the others as Unspecified. The RiskWare is coming from C:\Windows\System32\lsass.exe. The Unspecified are the following: C:\Windows\System32\wbem\scrcons.exe and C:\Windows\System32\svchost.exe. The odd thing is that my Malwarebytes Anti-Malware Premium scan comes up clean, even though I'm still getting messages every so often that another attempt has been blocked! Does this indicate that something is masquerading as a system (whitelisted) program?? (If this is the case, then would running a threat scan in safe mode pick it up?) Here are some miscellaneous things that may be additional infections or part of the same: (*) There were two files that were caught and quarantined: 1) First was "Backdoor Zegost" at C:\adg.exe; 2) Second was "RansomWannaCrypt" at C:\Windows\mssecsvc.exe. Microsoft Security Center says that this file should not be allowed to run, associated with ransomware I think. (*) While backing up some files to DVD-ROM, I noted an odd file in the Documents directory. It is called adxloader.log, and when I opened it with Notepad, it looks as though it was loading things into the Registry maybe. Since I noticed it, it had been modified to a later date, but maybe this happened as a result of opening the file with Notepad. Maybe it's something legit, but I don't recall ever seeing it before. And the stuff inside it looks pretty malicious if it isn't something legit. (*) There is one other thing---maybe it's normal, or maybe not. When I went to try to retrieve the log file from Malwarebytes Threat scan the Documents and Settings folder shows with a padlock icon over it, and says "Access Denied" when I click on it, EVEN WHEN RUNNING WINDOWS EXPLORER AS ADMIN. Is this normal? Maybe this is for safety?? 
I was able to view the required logs and save them elsewhere, so not critical, but thought I'd ask. I will attach the following files to this post: 1) The MalwareBytes Threat Scan Log (which found nothing), which I called MalwareBytesThreatScanLog.txt; 2) The FRST scan log, FRST.txt; 3) the Addition.txt log; 3) Samples of the MalwareBytes blocked threat reports from the Russian site: They are called MalwarebytesBlocked_1.txt, MalwarebytesBlocked_2, MalwarebytesBlocked_3, MalwarebytesBlocked_4 and MalwarebytesBlocked_5; 4) the adxloader.log file, re-saved as a text file. I think that's all. Let me know if you need something else. My Windows updates are really out of date, sad to say. The updates got stuck at some point, and HP "Smart Friend" deleted a bunch of stuff, including Malwarebytes Anti-Exploit Premium, and really screwed everything up. They wiped out all of the pending updates. But I've been very ill and haven't had the energy to deal with it. I do have a backup I made when I got Acronis Backup, when the system was fairly new. And of course, falling back to a configuration from a few days ago, before the hub started failing, is an option. I keep all of my important files on a portable drive, though. I won't do anything at all, such as put in the replacement hub I just got through the mail today, until given the okay. I especially won't restore my direct wired connection yet, as this would require reconfiguring my LAN connection, and I don't want to make anything worse. Thanks for your help. MalwareBytesThreatScanLog.txt FRST.txt Addition.txt MalwarebytesBlocked_1.txt MalwarebytesBlocked_2.txt MalwarebytesBlocked_3.txt MalwarebytesBlocked_4.txt MalwarebytesBlocked_5.txt adxloader.txt
  5. Sometimes your program shows me the notification that a connection was blocked by it. The program spams the notification. If it starts, it would not stop for a period of some minutes. I have tried to look at your log files and detect the process that does this. Unfortunately, the program doesn't report the process's ID, only the process's file, which is, in my case, svchost.exe. Please help me remove this spyware (I'm pretty sure it is spyware). Thanks in advance, Mizaro
  6. I had this issue 2 or 3 weeks ago. Malwarebytes constantly pops up, blocking a few different (what appears to be) adware issues, such as drivethelife and onclickads. There's a 3rd one that shows up sometimes but much more rarely. My Avast antivirus couldn't find any issues, and running a scan on my lifetime license MWB gives a message that there are no threats found. I have a temporary license on HitManPro and it seems to find tracking cookies but nothing to do with adware (from what I can tell). I uninstalled Malwarebytes and reinstalled it but lost my license key for about 10 days. During this time, I had no popups about these infections. I restored the key yesterday and started getting these constant annoying popups. I verified my installed programs and see nothing that seems related. All installed programs are normal Microsoft and other regular updates to my apps. I see nothing that seems related in my running processes, either. So how do I get rid of these popups? If there really is an infection (despite Malwarebytes telling me there isn't one), how do I get rid of it? Please help ASAP. I can't focus on my work with these popups annoying me constantly.
  7. Hi, I recently downloaded some harmful software and after using Malwarebytes I removed the majority of it. I have already performed multiple Threat scans using Malwarebytes, the first of them removing a large number of malware and other PUPs. However, on startup I get the CMD prompt popping up saying that it's trying to download something similar to the image below. Every 3 hours I got the CMD popping up again. Along with this, Malwarebytes consistently blocks (thankfully) an outward connection (using svchost.exe) as shown in the outward report log. I have attached the necessary text files. I desperately need your help as I have tried almost everything and this is taking a toll on my mental health. Thank you in advance, I have seen that you help other people with very similar/almost identical issues even today. Malwarebytes Scan.txt Outer Block.txt
  8. Hello. Blocks this file C:\Windows\System32\svchost.exe Although I have it in the system and no. It turns out that the false alarm triggers. Malwarebytes www.malwarebytes.com -The data of the journal- Date of security event: 07.12.17 Protection Event Time: 10:53 Log file: 1d419714-db2c-11e7-b7e3-dc85de773e48.json Administrator: Yes -Information about PO- Version: 3.2.2.2029 Version of components: 1.0.212 Service pack version: 1.0.3431 License: Premium version -Information about the system- OS: Windows 10 (Build 10240.16384) Processor: x64 File system: NTFS User: System -Information about a blocked website- Malicious Web site: 1 ,, Blocked, [-1], [-1], 0.0.0 -Information about the website- Domain: IP Address: 255.255.255.255 Port: [68] Type: Outbound traffic File: C:\Windows\System32\svchost.exe (end) mb-check-results.zip
  9. Hello. Blocks this file C:\Windows\System32\svchost.exe Although I have it in the system and no. It turns out that the false alarm triggers. Malwarebytes www.malwarebytes.com -The data of the journal- Date of security event: 07.12.17 Protection Event Time: 10:53 Log file: 1d419714-db2c-11e7-b7e3-dc85de773e48.json Administrator: Yes -Information about PO- Version: 3.2.2.2029 Version of components: 1.0.212 Service pack version: 1.0.3431 License: Premium version -Information about the system- OS: Windows 10 (Build 10240.16384) Processor: x64 File system: NTFS User: System -Information about a blocked website- Malicious Web site: 1 ,, Blocked, [-1], [-1], 0.0.0 -Information about the website- Domain: IP Address: 255.255.255.255 Port: [68] Type: Outbound traffic File: C:\Windows\System32\svchost.exe (end)
  10. I have been getting svchost.exe being blocked by MB for about a week or so, was on vacation so did not have time to deal with until now. Attached are the files from the scans as per the instructions. Please advise... FRST.txt Addition.txt MB Scan.txt
  11. I think MBAM just got me a false positive result. After a threat scan it found that the registry \HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Windows Update with data on C:\Users\wcwra\AppData\Local\Microsoft Windows|svchost.exe is a backdoor.bot. I went to the folder and it was empty, just a svchost.exe.config. backdoor.txt
  12. I'm pretty sure there's malware involved that my multiple antivirus scans haven't picked up that is causing this, but I have run HitmanPro, Avast and Malwarebytes scans numerous times; all have come up clear, as I have deleted the ones that have appeared. Yet with Malwarebytes I get a notification about once every 2 minutes about it blocking an outbound thing from sysWOW64/svchost.exe; then I check my logs and it occurs about 2 times a minute. Now I've seen other cases of this and it has come to my attention to make my own separate post, as it's individually based apparently. Here are the txt files. Side note: I also have this Chrome issue where new tab defaults to default-search.net. I have tried all the recommended procedures to remove it but it won't change anything. Thanks! Addition.txt FRST.txt
  13. Hi all, Keep getting the same notification on different servers multiple times per day. Alert Time: 10/03/2017 11:15:57 Server Hostname: SERVER Server IP: 192.168.0.254 Notification Catalog: Client Description: Malware threat detected, see details below: 10/03/2017 11:15:41 SERVER 192.168.0.254 Type: incoming, Port: 3389, Process: svchost.exe Blocked web site 37.139.50.3 10/03/2017 11:15:49 SERVER 192.168.0.254 Type: incoming, Port: 3389, Process: svchost.exe Blocked web site 37.139.50.3 10/03/2017 11:15:49 SERVER 192.168.0.254 Type: incoming, Port: 3389, Process: svchost.exe Blocked web site 37.139.50.3