Jump to content

SVCHOST.exe

Allabonkaja
 Share

Recommended Posts

Allabonkaja

Allabonkaja

Posted
Posted

Hello everyone.

 

This past week I had several warnings from AVG.

Avg tells me it found a virus named svchost.exe in de temp folder. Everytime I restart my pc avg shows this warning.

Everytime I delete the virus automatically. But it keeps coming back. I don't know if I should be worried.

I need help.... please :)

 

Thanks in advance

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Let me see those logs in your next reply....

 

Thank you,

 

Kevin

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

Let me see those logs in your next reply...

 

Kevin

 

fixlist.txt

Link to post
Share on other sites
Allabonkaja

Allabonkaja

Posted
  • Author
Posted

here are all the logs and stuff:

 

MBAM thing:

 

Scan Date: 3-7-2014
Scan Time: 10:37:15
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.03.01
Rootkit Database: v2014.07.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DaanS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295469
Time Elapsed: 14 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 14
PUP.HackTool.LOIC, C:\Users\DaanS\Downloads\Hive Mind LOIC-1.00-Application.zip, Quarantined, [5cc1910a7407a88e19ab91bd6799639d], 
PUP.Optional.Soft32.A, C:\Users\DaanS\Downloads\gimp setup.exe, Quarantined, [001da7f489f249ede30283ba3dc4768a], 
PUP.Optional.Babylon.A, C:\Users\DaanS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage, Quarantined, [3be2ddbe0d6e95a122ba576226dcd927], 
PUP.Optional.Babylon.A, C:\Users\DaanS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal, Quarantined, [d34ac2d9205b64d21cc07a3fad55b64a], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\phatk121016.cl, Quarantined, [d04de7b41764d5616520ecfebd46ef11], 
Trojan.BitcoinMiner, C:\Windows\Temp\phatk121016.cl, Quarantined, [8e8f7d1ebcbfbe781f6623c7bf4414ec], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\scrypt130511.cl, Quarantined, [60bd5744a8d3072f1f67b93110f359a7], 
Trojan.BitcoinMiner, C:\Windows\Temp\scrypt130511.cl, Quarantined, [021bb4e7a9d284b26125fcee27dccc34], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\diablo130302.cl, Quarantined, [ff1e8c0f3e3dfb3b1b6cb13917ecc739], 
Trojan.BitcoinMiner, C:\Windows\Temp\diablo130302.cl, Quarantined, [17067328c0bb82b481068f5bce35b050], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\poclbm130302.cl, Quarantined, [8895b7e484f782b4a6e243a7ab58ee12], 
Trojan.BitcoinMiner, C:\Windows\Temp\poclbm130302.cl, Quarantined, [cd504655e893da5cdbada04aa95a0ef2], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\diakgcn121016.cl, Quarantined, [a87587144f2ccf67137629c12dd6b050], 
Trojan.BitcoinMiner, C:\Windows\Temp\diakgcn121016.cl, Quarantined, [52cbf3a843382511aadf67836f94bc44], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end) ÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíííÿíí     ˜               
          ÿÿÿÿ                     ÿÿÿÿ                                                                              Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3-7-2014
Scan Time: 10:37:15
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.03.01
Rootkit Database: v2014.07.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DaanS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295469
Time Elapsed: 14 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 14
PUP.HackTool.LOIC, C:\Users\DaanS\Downloads\Hive Mind LOIC-1.00-Application.zip, Quarantined, [5cc1910a7407a88e19ab91bd6799639d], 
PUP.Optional.Soft32.A, C:\Users\DaanS\Downloads\gimp setup.exe, Quarantined, [001da7f489f249ede30283ba3dc4768a], 
PUP.Optional.Babylon.A, C:\Users\DaanS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage, Quarantined, [3be2ddbe0d6e95a122ba576226dcd927], 
PUP.Optional.Babylon.A, C:\Users\DaanS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal, Quarantined, [d34ac2d9205b64d21cc07a3fad55b64a], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\phatk121016.cl, Quarantined, [d04de7b41764d5616520ecfebd46ef11], 
Trojan.BitcoinMiner, C:\Windows\Temp\phatk121016.cl, Quarantined, [8e8f7d1ebcbfbe781f6623c7bf4414ec], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\scrypt130511.cl, Quarantined, [60bd5744a8d3072f1f67b93110f359a7], 
Trojan.BitcoinMiner, C:\Windows\Temp\scrypt130511.cl, Quarantined, [021bb4e7a9d284b26125fcee27dccc34], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\diablo130302.cl, Quarantined, [ff1e8c0f3e3dfb3b1b6cb13917ecc739], 
Trojan.BitcoinMiner, C:\Windows\Temp\diablo130302.cl, Quarantined, [17067328c0bb82b481068f5bce35b050], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\poclbm130302.cl, Quarantined, [8895b7e484f782b4a6e243a7ab58ee12], 
Trojan.BitcoinMiner, C:\Windows\Temp\poclbm130302.cl, Quarantined, [cd504655e893da5cdbada04aa95a0ef2], 
Trojan.BitcoinMiner, C:\Users\DaanS\AppData\Local\Temp\diakgcn121016.cl, Quarantined, [a87587144f2ccf67137629c12dd6b050], 
Trojan.BitcoinMiner, C:\Windows\Temp\diakgcn121016.cl, Quarantined, [52cbf3a843382511aadf67836f94bc44], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end) 

Fixlog.txt

JRT.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Did you run AdwCleaner, can I see that log? Also continue with the following:

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for the logs, ok we continue;

 

Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.

There maybe an offer of Google Chrome etc, untick those options if offered... Also ensure there are no outdated versions still installed, check via programs and features..

 

Next,

 

Run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Let me know if there are any remaining issues or concerns, if none are we ok to close out....

 

Thanks,

 

Kevin...

Link to post
Share on other sites
  • 2 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.