Jump to content

Can't delete svchost.exe


Recommended Posts

Hello , lately I'm having problem with svchost.exe , that file must be in system32 file but that isn't in it.

Svchost.exe is in C:\Windows file and when I try to delete it I deleted it but after a few min or sec that file will appear itself and cannot deleteable.

I tried to scan with malwarebytes but seems like malwarebytes can't delete it.

Heres my log files.

attach.txt

dds.txt

Link to post
Share on other sites

Hello StanicEnemy and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

PriceGong 2.6.4

Yontoo Layers Runtime 1.10.01

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe ( right click and select Run as adminsistrator for Vista and Windows 7)
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes Anti-Rootkit log
  • a new fresh DDS log

Link to post
Share on other sites

Hello StanicEnemy and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

PriceGong 2.6.4

Yontoo Layers Runtime 1.10.01

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe ( right click and select Run as adminsistrator for Vista and Windows 7)
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes Anti-Rootkit log
  • a new fresh DDS log

Hello Maniac thank you for helping me.

Heres new logs

attach.txt

dds.txt

JRT.txt

mbar-log-2013-01-24 (02-53-55).txt

Link to post
Share on other sites

  • 2 weeks later...

@StanicE,

This system has been severely infected by Ramnit and cannot be cleaned.

As you must see, it has also infected exe files and cannot be disinfected.

See When should I re-format? How should I reinstall?

Where to draw the line? When to recommend a format and reinstall?

I advise you do a thorough wipe/reformat and then re-install Windows.

Disconnect this system from the internet right away.

I suggest a clean (new) Windows Install:

Before you do that, make sure you have at hand the Windows CD/DVD {if you do not have the Windows operating system disc, you will need to use your pc manufacturer's "factory restore procedure") and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

You will loose your documents so if you have some to save, offload them to a separate offline media. And later on insure you do a full scan of them by running your antivirus.

P.S. You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you "may" be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

* Take any other steps you think appropriate for an attempted identity theft.

Also, any pen/thumb/USB flash drives used with this system should be wiped and reformatted. Ramnit is also known to be spread via these portable drives.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.