Jump to content

svchost.exe trojan found on my system

Recommended Posts

I am really new to this, but found that after running Malwarebytes after a long hiatus, I found that I have two infections of Trojan.Agent on my computer. I tried rebooting my computer under safe mode and after removing via Malwarebytes and restarting, the 2 Trojan.Agents are still on my popping up in the scan. I have no idea how long this has been on my computer and have not really noticed anything strange lately, but knowing they are on there makes me very worried. I run AVG Free and believe both were quarentened with that program b/c when I first ran Malwarebytes, it wanted to warn me about moving. Then, Malwarebytes originally said the two viruses were moved to the Virus Locker? or something like that.

Again, I have run Malwarebytes and it keeps showing these 2 Trojan.Agents still there.

I ran Rogue Killer and got the following report. No idea what this report means. Any help here would be GREAT!

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Patrick [Admin rights]

Mode: Scan -- Date: 07/21/2012 19:22:59

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 ATA Device +++++

--- User ---

[MBR] ce7930d58ceff09200207b891e7c8091

[bSP] 49a97d3810a090d976f1b15ca4e6fb6b : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 876421a392939f0154caa04c19f1bc77

[bSP] 49a97d3810a090d976f1b15ca4e6fb6b : Windows 7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

+++++ PhysicalDrive1: WDC WD1200JB-00EVA0 ATA Device +++++

--- User ---

[MBR] 5be63bd5aace625ae4df925f2ab6704c

[bSP] cb79fde6872a9ce61a11fa9c19a5a9e1 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: HP USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>


I attached the most recent removal report from Malwarebytes...

mbam-log-2012-07-21 (19-54-06).txt

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.