Help Fake ransomware svchost.exe


Recommended Posts

Hello,

Yesterday I installed some malicious software that attacked my whole computer. After that I did a light scan and a deep scan, uploaded as "Scan_Report1.txt" and "Scan_Report2.txt".

After that attack, some of my accounts like PayPal/Discord got hacked, and in every file on my computer I can find a readme.txt inscribed in it.


The thing is, my files are not encrypted. The moment I found out about this I cut off the internet and went on with the scan, but I still receive some alerts from Malwarebytes, which means there is still a problem even though I went with the deep scan.


I don't know what to do anymore, that's why I'm here seeking your help.

Thank you
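One way to triage whether a ransom note actually came with encryption, as an added example (not code from this thread or from Malwarebytes), is to walk a folder tree, separate the note files from everything else, and score the remaining files by byte entropy; the note name readme.txt comes from the post above, while the 7.5 bits-per-byte threshold and the constructed sample tree are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

# Note file name reported in the post; add other names if a note uses a different one (assumption).
NOTE_NAMES = {"readme.txt"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plaintext sits well below 6, ciphertext or random data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_tree(root: str, threshold: float = 7.5, sample_bytes: int = 65536) -> dict:
    """Walk root, collect ransom notes, and sort every other file by whether it looks encrypted."""
    notes, encrypted_like, plaintext_like = [], [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in NOTE_NAMES:
                notes.append(path)
                continue
            with open(path, "rb") as fh:  # only the head of each file is scored
                entropy = shannon_entropy(fh.read(sample_bytes))
            (encrypted_like if entropy >= threshold else plaintext_like).append(path)
    return {"notes": notes, "encrypted_like": encrypted_like, "plaintext_like": plaintext_like}


def build_sample() -> str:
    """Constructed tree mimicking the post: a readme.txt in every folder but the user files intact."""
    root = tempfile.mkdtemp()
    for sub in ("Documents", "Pictures"):
        folder = os.path.join(root, sub)
        os.makedirs(folder)
        with open(os.path.join(folder, "readme.txt"), "w") as fh:
            fh.write("YOUR FILES ARE ENCRYPTED (constructed note text)\n")
        with open(os.path.join(folder, "notes.txt"), "w") as fh:
            fh.write("Quarterly report draft, nothing touched here. " * 200)
    # One random-looking file, the kind a real encryptor would leave behind.
    with open(os.path.join(root, "Pictures", "photo.jpg.locked"), "wb") as fh:
        fh.write(os.urandom(4096))
    return root


if __name__ == "__main__":
    result = triage_tree(build_sample())
    print({k: len(v) for k, v in result.items()})  # fake note: 2 notes, 1 encrypted-like, 2 intact
```

Notes everywhere but almost every other file scoring as plaintext is the pattern of a dropped note without an encryptor, which is what the poster describes; a real encryptor shifts most user files into the high-entropy bucket.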


Hello @Azaphyr, I will guide you. First, in case there is a real ransomware infection that has encrypted your user files, there is not much we can do. Restoring files from a recent backup done before the infection is the thing to do. Malwarebytes has no decryption tools for any encryption malware infection. What we can do is to see that all traces, if any, of actual malware are removed. As to the "Block" notices, the Malwarebytes program is keeping this PC safe from potential harm. As to the last bits about Windows Update, Microsoft Windows has 2 pending updates from Microsoft, and 2 prior update failures. Please do these next steps.

  • Next, please set File Explorer to SHOW ALL folders, all files, including hidden ones. Use OPTION ONE or TWO of this article:

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html


  • I would like a report set for review. This is a report only.

Please download the MALWAREBYTES MBST Support Tool.

Once you start it, click Advanced >>> then Gather Logs.

Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach mbst-grab-results.zip to your reply, like displayed here.

To send (upload) attachments, please click the "ADD Files" link. Then browse to where your file is located, select it and click the Open button.


The set of data from the report will provide much needed information.

Please always attach reports as we go along. 

There will be lots more to do after this. Stick with me.


I do need the reports from my post above ^ ^ ^

Regarding the 2 screen-grabs of the IP Block notices from Malwarebytes real-time web protection: apparently they were these 2 IP website blocks. These are their URL equivalents:
bh.mygameadmin(dot)com
maigbegbnp(dot)com

For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".
A "malicious website blocked" is entirely different from a "malware detected" event.

The website Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Web protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying to access your PC.

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

Incoming block notices can be ignored; our software is blocking the threat and there is nothing more that can be done.
On outbound blocks, any attempted connection was stopped.

No action is required unless you're also experiencing malware symptoms or there are multiple (different) IPs (e.g. 123.23.34 and 4.44.56).
A browser is not required to be running, just an active Internet connection with processes running,
such as instant messenger clients, Skype or peer-to-peer software, to trigger these alerts.

These are also triggered by banner ads running on websites, which is the most common form of alert.

As a separate matter, the previous runs of Malwarebytes for Windows found and removed several pieces of malware, including trojans.
Some of those are classified as:
Backdoor.Farfli
Trojan.Agent.Generic
PUP.Optional.GarbageCleaner
Trojan.BrowserHijack
Trojan.Crypt
Trojan.Agent
Trojan.Downloader
Trojan.MalPack.GS
Spyware.PasswordStealer
Glupteba.Backdoor.Bruteforce.DDS
Backdoor.Remcos
RiskWare.MisusedLegit
Trojan.MalPack.Obsidium
Trojan.Injector

Because of all of this serious malware, and the heavy number of detections, here is a serious set of advice.

These infections allow hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to be extremely CAREFUL of what websites you connect to on this machine! If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojans and other malware were identified and removed, because of their backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this kind of malware, the best course of action is a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to do more hunting to try to clean this machine, but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup attempt, please say so.
