
svchost outgoing and incoming connection, am i infected?



and i never knew about the blog and never signed up before, i only read the instructions you have,

is someone using my IP or what?

That's possible, I've been banned several times myself.

MrC

Haha really? thanks for your help, my pc is working well, but i had some glitch with WOT as it gave site green light but when i went back and forth while browsing the rating changed

Any part of the tutorial you would like to see just let me know and I'll post it for you. Unfortunately it's not posted anywhere else. MrC

i read all of it

and have a html version (or webpage complete version)

thanks again for the help


Edit: Only problem i have now, is that the mouse (well the pc) freezes for 10 seconds every time i try to open something.

and when i restart everything is fixed....strange?

im going through my startup items and disabling them via this info

http://www.bleepingcomputer.com/startups/

edit: ok i have this service running

"Background Intelligent Transfer Service"

bleeping computer says the following

http://www.bleepingcomputer.com/startups/Base_Filtering_Engine-16922.html

only one such entry is valid but when i search system32 i see the malicious service it referred to

i see

rundll32.exe & rundll32.exe.mui

are those ok ?

and should i disable

"Background Intelligent Transfer Service" ?

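The question in the post above (is the rundll32.exe in system32 the real one, and is a Microsoft-named service safe to leave running) can be checked from the files behind the name rather than from the name itself. The following PowerShell is an added example, not part of the thread; the function names are hypothetical and the display names are the services asked about on this page.

```powershell
# Added example: judge a service by the files it loads, not by its display name.
# Display names below are the ones asked about in this thread.
$names = 'Background Intelligent Transfer Service', 'Server', 'Task Scheduler',
         'RPC Endpoint Mapper', 'Windows Management Instrumentation',
         'WinHTTP Web Proxy Auto-Discovery Service'
$system32 = Join-Path $env:SystemRoot 'System32'

function Get-ExePath([string]$CommandLine) {
    # PathName is a command line: "C:\dir\a.exe" -k x   or   C:\dir\a.exe -k x
    if ($CommandLine -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Test-SystemFile([string]$Path) {
    # Report location and Authenticode status for one file on disk.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'missing' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $location = if ($Path.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)) {
        'System32' } else { 'OUTSIDE System32' }
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
    return "$location; signature=$($sig.Status); signer=$signer"
}

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $names -contains $_.DisplayName } |
    ForEach-Object {
        $exe = Get-ExePath $_.PathName
        # Services hosted by svchost.exe keep their real code in a ServiceDll value.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            Name        = $_.Name
            State       = $_.State
            StartMode   = $_.StartMode
            HostExe     = "$exe ($(Test-SystemFile $exe))"
            ServiceDll  = if ($dll) { "$dll ($(Test-SystemFile $dll))" } else { 'n/a' }
        }
    } | Format-List

# The same check for the file asked about directly.
Test-SystemFile (Join-Path $system32 'rundll32.exe')
```

A file outside System32 or a signature status other than Valid is what deserves a second look; a familiar display name on its own proves nothing.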

Yes it is, run your CCleaner to clean out temp files.

If no improvement.....

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

before i run otl should i disable the service i asked you about above?

also i see another service at startup called

"Server" and its manufactured by Microsoft but i can find it on bleeping

also take a look at this, what is this ?

http://www.imagebam.com/image/540146246812708


rundll32.exe & rundll32.exe.mui

are those ok ?

Yes

and should i disable

"Background Intelligent Transfer Service" ?

No. it's needed

--------------------

We already scanned all of those.

If you want to scan them again.........

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC


i will run all your scans soon, just looking through and googling services

i found

"RPC Endpoint Mapper" running

shouldnt be only for windows 8

?

also look what i found:

http://www.bleepingcomputer.com/startups/Security_Accounts_Manager-25805.html

i have the service "task scheduler" running and bleeping doesnt see it as good, what you think?

should i stop the service?


please take a look at this!!!!

http://www.imagebam.com/image/979931246817095

scary stuff

also thanks for the patience, i'll be running your scan soon, just wanna get rid of some services as this looking and googling stuff takes a lot


That link doesn't work for me. MrC

also what is ?

"Windows Management Instrumentation"

and

is

WinHTTP Web Proxy Auto-Discovery Service is it used as a proxy but i didn't set up a proxy (not sure if isp did as i use modem) but it may be related to a malware i had to delete from internet explorer, that malware added some local host to exception list, so i'm disabling this too

am i right?

from the link you gave and bleeping computer this is used to monitor backdoor stuff so i disabled it

also here's the image

you couldnt see

also did you see the first imagebam post?

post-122706-0-19453400-1364921391.png


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
