Jump to content

Extremely resilient Svchost virus


Recommended Posts

So I noticed a few duplicates services running in task manager which is how I originally found this virus. The malicious software would be called something like bluetooth service_1310 right next to a legitimate Bluetooth service application. So I downloaded Malwarebytes, the rootkit version as well, roguekiller, superantispyware and many more, and ran all of these in safe mode with networking because that's what the guides the I was following were suggesting. rkill first and then virus removal softwares. There were some other viruses on my computer but the svchost virus has eluded them all. So I boot it from a Windows CD and reinstalled everything only on my operating system SSD at first. When I check task manager again the virus was still there but it has switched its name to a number of different services and had to come up with a new alphanumeric four digit number just like in the above example. So I realized this is no ordinary virus and accepted the fact that backing up my data was a lost cause so I used the samsung magician to secure erase my m.2 and then downloaded my BIOS on a separate computer and flashed it with a USB, then I use secure erase in my BIOS to wipe another hard drive and then found an old Windows 10 installation CD to reinstall Windows. I have a number of other hard drives but I just disconnected them and only let my "secure erase" ssd's connect to my computer as well as my disk drive. Well after all this the viruses changed its name again and somehow survived my hard drive wipes. This time I noticed a SVChost process that is running under my account name instead of system. There are also several processes that are using the underscore 4 digit signature that I've been noticing since the start.  I just completed the faq guide on what to try before posting but no luck. I'm writing this from my phone so have to post again to upload the logs requested

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean of malware.

I see nothing wrong with your system.

What exactly is the problem(s) you are having with this computer.
 

Link to post
Share on other sites
  • 5 weeks later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.