Jump to content

Svchost.exe infected, need help

Recommended Posts

I have been getting svchost.exe being blocked by MB for about a week or so, was on vacation so did not have time to deal with until now.  Attached are the files from the scans as per the instructions.

Please advise, my last go around in the forums nobody responded.


MB Scan.txt



New Blocked.txt

Protection Event.txt

Blocked 1.txt

Blocked 2.txt

Link to post
Share on other sites

Hello djkeefer and :welcome:

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started the malware removal process has to be completed. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware.

With that being said let's begin.

The first thing to do would be to turn on User Account Control to give some added protection against unwanted installs.
See this link for instructions on how to enable it: https://support.microsoft.com/en-us/help/975787/guided-help-adjust-user-account-control-settings-in-windows-7-and-wind

You have Spybot - Search & Destroy installed. I strongly suggest you remove it as it will conflict with your other antivirus program. Besides that running Spybot - Search & Destroy in addition to Malwarebytes would be redundant. I would not run both.


Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;


  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes

    Credits: Aura

  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it

  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


  • Download Junkware Removal Tool (JRT) and move it to your Desktop
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Press on any key to launch the scan and let it complete
    Credits : BleepingComputer.com and Aura
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply


Please download Zemana AntiMalware and save it to your Desktop.

  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the UAC security warning that may appear.
  • Select the language and click the OK button.
  • Click the Next button, accept the EULA warning and follow the instructions to continue and install the program.
  • Once the installation is complete it will start automatically. Wait a few seconds until the update of signature database is complete.
  • Without changing any options, click Scan to begin.
  • After the short scan is finished, if threats are detected click Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
  • Click on the Back button.
  • On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then choose your computer's Desktop and click the Save button.
  • Please attach the saved report in your next reply.



Please perform another scan with Malwarebytes and post its log. Also check if the issue (the svchost.exe detection) still remains.

Please attach the following logs to your next reply:
AdwCleaner clean log
Zemana log.

Malwarebytes log.

How is the computer running now?



Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.