Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

possible malware? svchost.exe


kpreisch
 Share

Recommended Posts

I am trying to follow directions from a previous assist on the same topic.  I apologize in advance if I am doing this wrong.

I have run the scan FRST and attached here.   

I am unsure if this is a problem because I have always been careful and have Malwarebytes premium products always installed and running, but I have had the message pop up:

Detection, 11/11/2015 3:17 AM, SYSTEM, KRISTEN-PC, Protection, Malicious Website Protection, IP, 89.248.172.154, 2160, Inbound, C:\Windows\System32\svchost.exe, with various IP addresses.

I have been having this issue since yesterday, and I installed a new router yesterday, so it may be related to that, but I don't know for sure.

I have codetwo installed on this computer that is supposed to sync my Outlook 2013 across all of my devices, but I never did learn to use it.  I could take it off if I need to.  Really it is on here because I haven't gotten around to removing it.  I only have firefox on computer because Microsoft Silverlight doesn't work on Chrome, and I have my IE settings set just to the standards to use for my job.  (So if it is Firefox causing problems I can remove that right away.)

I don't think I have anything that I shouldn't, but if something should not be on here I can remove it.  I use this computer to work from home, but I am not employed by any of the companies whose software I have.  (I am a contract employee, so I own all of the equipment and rights as assigned to perform my job.)  You can probably tell that I am very careful because I do work from home, so security and function have to be perfect.  I guess I am just trying to address all of the caveats I have read for previous issues of the same general description, and I don't want to be confused with a repair that should be paid by a business.

Obviously I am not savvy enough to determine if I have a real problem, or maybe the issue is not malware but something I did incorrectly when I installed the new router.

Anyway, please help, or point me in the direction I need to meet your requirements to receive help.

Sincerely,

kristen

Addition SCAN LOG.txt

FRST.txt

Link to post
Share on other sites

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Link to post
Share on other sites

  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.