
svchost.exe.virus [Closed]


  • This topic is locked

#1
NotyoursMine

NotyoursMine

    New Member

  • Member
  • Pip
  • 2 posts
I just bought my first computer in October. Webroot found a worm, and so did Malwarebytes, 32 PUPs. But the virus was never completely removed. I think it is hidden. My friend who is knowledgeable said he thinks I'm hacked. I have had registry problems, had to fight for my admin rights through a tutorial, and my Microsoft Office was stolen from me. Forgive me, my computer literacy is not very savvy, just like my computer skills. Things are always changing, my hard drive is fragmented and won't optimize, and all my memory is used and I don't think I used it. I have some papers and pictures and very little music saved. I don't think I could use all the space up. My disk drive won't work. I had some weird Xbox clips of dirt bikers in my files; there were a bunch of them. I have encrypted Word documents. That's all I can think of now. Thank you to anyone who takes the time to read this and possibly offer any advice.
  • 0

#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's see if we can resolve this problem. Worst case would be a reformat, so back up important data now; hopefully we will not need to do that.

First I will need to take a look at the computer. If you have any questions, then please stop and ask.


Please download Malwarebytes AntiRootkit and save it to your desktop.

Full instructions on how to use MBAR
Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.

• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...

• Click on Next > then on the Update button to download fresh definitions.

• When the database has updated, click Next.

• In the following window, ensure the "Targets" scan boxes for Drivers, Sectors and System are ticked. Then select the "Scan" button.

• If any infections are found, ensure "Create Restore Point" is checked, then select the "Cleanup" button to remove threats.
Or if you are sure any entries should be kept, just untick them. A list of infected files will be shown.


• The cleanup procedure will be scheduled.
• When complete, a pop-up will show you. Select the Yes button and the system should reboot to complete the cleaning process.

>> Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

  • 0
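
A manual counterpart to two lines of the custom scan in the post above (the `rpcss.dll` entry between `/md5start` and `/md5stop`, and the `dir ... /A:L` reparse-point listing), added here as an example; it is not part of the original post and not OTL's own code. It assumes Windows PowerShell 5.1 in an elevated prompt, and the report field names and the "expected location" pattern are choices made for this example.

```powershell
# Added example, not from the thread: hash and signature check for rpcss.dll,
# plus a reparse-point listing equivalent to `dir "%systemdrive%\*" /S /A:L`.
# Assumes Windows PowerShell 5.1, run from an elevated prompt.

# 1. Find every copy of rpcss.dll under the Windows directory.
$copies = Get-ChildItem -Path $env:SystemRoot -Filter 'rpcss.dll' `
    -Recurse -File -Force -ErrorAction SilentlyContinue

# 2. Record MD5, file version and Authenticode status for each copy.
$report = foreach ($file in $copies) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Path      = $file.FullName
        Version   = $file.VersionInfo.FileVersion
        Modified  = $file.LastWriteTimeUtc
        MD5       = (Get-FileHash -Path $file.FullName -Algorithm MD5).Hash
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}
$report | Sort-Object Path | Format-List

# 3. Flag copies that deserve a closer look: signature not valid, or a path
#    outside System32 / SysWOW64 / WinSxS (heuristic chosen for this example).
$expected = '\\(System32|SysWOW64|WinSxS)\\'
$report |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.Path -notmatch $expected } |
    Select-Object Path, SigStatus, MD5

# 4. List reparse points (junctions and symbolic links) on the system drive,
#    which is what the /A:L attribute filter in the scan line selects.
Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -Attributes ReparsePoint `
    -ErrorAction SilentlyContinue |
    Select-Object FullName, LinkType, Target
```

A status other than `Valid` or an unexpected path is a reason to compare the hash against a known-good copy from the same Windows build, not proof of infection on its own.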

#3
NotyoursMine

NotyoursMine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi thanks for your time,
I downloaded the rootkit and it is running, but then I went further into your message and followed the link, and when I tried to download from Bleeping Computer it said it was dangerous for me to download? Is this because of the beta? It made me nervous, any advice?? :blush:
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, it is a new programme and as such is not recognised by Windows. It is safe, as I have run it on my system.
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As you appear to be having problems downloading the tools, could you try this one and let me know the result?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I feel that you may also get a warning about FRST on Bleeping. If so, then download the files from my Dropbox links below. I have both the 32- and 64-bit versions; use the one relevant to your system. If Windows blocks it, then select More info ... Run anyway.

Be advised we remove malware here and do not put it on your system .. We are the good guys :)

https://dl.dropboxus...555776/FRST.exe

https://dl.dropboxus...5776/FRST64.exe
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





