Bad Virus, svchost plays audio and restarts my computer. Need help.


    New Member

  • Member
  • 1 posts

I've got quite a nasty virus that I've been unable to get rid of. It plays random audio and forces my computer to restart. I believe it's a rootkit as it restarts my computer even when I'm not in Windows (such as when I am running a memory diagnostic). I also tried restoring to a previous system restore point but I receive a memory error.


I've tried running rkill then multiple scanners including Malwarebytes, Kaspersky TDSSKiller, AVG, SUPERAntiSpyware and ComboFix, to no avail.


I ran RogueKiller and it finds one of the svchost processes, kills it and the audio stops temporarily.


I am running Windows 7 64-bit.


I am concerned that even a system format will not clean this out.



Any help is greatly appreciated.





    Malware Expert

  • Expert
  • 24,485 posts
  • MVP
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
The report will be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

Download OTL from
and Save it to your desktop.
Copy the text in the code box:

    %ALLUSERSPROFILE%\Application Data\*.exe
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles

Run OTL (Vista or Win 7 => right click and Run As Administrator)
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
Select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
