scvhost.exe SCVHOST.EXE IN C:\WINDOWS\TEMP

[Magnus]

Hello everyone. First of all, thank you ahead of time for any assistance you may provide. This is the only forum where I saw members actively helping the users.

The problem:

for a few days now, after my mother downloaded a "Book" with an ".exe" extension (righ, I know), I have been battleing this scvhost.exe (Note the name is scvhost.exe, and NOT svchost.ece) file that gets created every 2 minutes or so in my C:\Windows\Temp folder of my mother's computer. This is not my PC... I'm just the sucker that tries to fix it every time my mom executes something she should have left alone.

I do generally very well cleaning up the trash, sometimes remotely with teamviewer, but this one has got me stumped and I need all the help that anyone could provide. Again, it is very much appreciated.

What I have tried:

Ran full kaspersky heuristic scan. (file is detected)

Ran full malwarebytes scan (free version, file is detected here as well)

I have restarted in safe mode, deleted the file, reviewed the registry for any calls to that file as well for anything that is called to create it. I have found and removed from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run all while in safemode.

Upon restart, the file shows up again and my kaspersky antivirus as well as malwarebytes detect it. I have removed the file and search the registry a bunch of time, only to find the file again in that same location time and time again.

I've looked at some of the stuff you have done for the other users, so I have removed Java and I am attaching my FRST.txt and Addition.txt to this post. I also have Adobe flash player, but I have not removed it because my mother uses it daily. My sister also uses this computer with chromecast and my brother sometimes helps my mother too with computer stuff.

Once again, thank you VERY much for any help you can provide. Let me know if I missed something.

 

- Magnus.

 

Addition.txt

FRST.txt

[Magnus]

PS: I work near my mother's house. My apologies if I take 24 hrs between posts or to complete any requests from the experts.

Muchas gracias for understanding :-)

[kevinf80]

Unfortunately there is evidence of illegal software installed/present on your system, that is a direct breach of forum policy. We cannot offer any further help.. Please read forum policy with regard to Piracy   Thank you,   Kevin...

 

[AdvancedSetup]

Please remove the following from the computer. Once removed let us know and we'll continue to assist you.

 

C:\Windows\Tasks\AutoKMS.job
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

Thank you

 

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!