Jump to content

Recommended Posts

Hello everyone,

As the title says, i have a little problem with svchost.exe (which could also be the bitcoin miner).

 

Kaspersky found something in C:\Windows\temp\svchost.exe around one month ago. I tried to fix it but it came back after every restart. As it did nothing to my pc and as it was called svchost.exe i thought that it is a mistake of Kaspersky.

 

Yesterday (07.05.15) my cpu and gpu were on 100% while idling. As i had a bitcoin mining virus before, i rememberred the same symptoms and did some things:

 

Combo fix: I ran it once and it seemed to fix my problem until i restartet.

 

Kaspersky: Was unable to do anything but recognise the virus. I tried the secure Disc but it couldn't get rid of the virus.

 

Malwarebytes: It found two svchost.exe and two lsass.exe. But because it needs a restart and my pc was unable to shut down, nothing happened. I ran it again later in secure mode and the restart was possible. It seems like it solved the problem but Kaspersky still tells me there is svchost.exe in my temp folder.

 

RogueKiller, HitmanPro and ESETPoweliksClean... didn't work.

 

My system seems to be ok but as i said kaspersky still shows me that i have a virus and i can still see the file in the temp folder.

 

 

 

Could anyone please help me to fix this problem so that it doesn't start again in a month.

Share this post


Link to post
Share on other sites

Hi & :welcome:

My name is Jürgen and I will be assisting you with your Malware related problems. medieval.gif

Before we move on, please read the following points carefully. :excl:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.