Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Avast continue alerting by malware in svchost.exe [Solved]


  • This topic is locked This topic is locked

#1
heartbreaker

heartbreaker

    New Member

  • Member
  • Pip
  • 6 posts

hi there, my name in Ajay and since this morning i'm being alerted by avast. 

infection: URL:Mal

process: C:\Windows\System32\svchost.exe

 can anyone help me please?


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Yep I can :) are the urls Blackflight and reduled ?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

 

As soon as the logs have been produced run this very quick FRST fix to silence Avast

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix


  • 0

#3
heartbreaker

heartbreaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

here they are.

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It looks as though you are using V7 of Avast, support for this version will cease at the end on the month. I would recommend that you update to the latest version

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-3916064375-1812797599-2144750406-1001\...\Run: [VoipDiscount] => C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe [23057512 2015-01-15] (VoipDiscount)
HKU\S-1-5-21-3916064375-1812797599-2144750406-1001\...\Run: [Rynga] => "C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe" -nosplash -minimized
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59923;https=127.0.0.1:59923
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com...q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3916064375-1812797599-2144750406-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com...q={searchTerms}
2015-04-19 12:51 - 2015-04-19 12:51 - 00000000 ____D () C:\ProgramData\90b31f1800005538
2015-04-19 12:48 - 2015-05-09 13:51 - 00000000 ____D () C:\Users\Sembhi\AppData\Local\20FB79F6-1429447683-4D8B-6087-4E45435F4349
2015-04-19 12:42 - 2015-05-09 13:51 - 00000000 ____D () C:\ProgramData\{b3973c4d-ccbf-93bb-b397-73c4dccbf137}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 1

#5
heartbreaker

heartbreaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

th log at complation

"Fix completed. The "Fixlog.txt" is saved in the same directory FRST is located"


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The fixlog should be on the desktop, have the alerts ceased
  • 0

#7
heartbreaker

heartbreaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

do i have to post the fixlog?


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have the alerts ceased ?
  • 0

#9
heartbreaker

heartbreaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

yes


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 1

#11
heartbreaker

heartbreaker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

thanks a lot sir 


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP