BleepingComputer.com: One more PC, with svchost.exe problems

One more PC, with svchost.exe problems Different computer, new topic, per Boni's recommendation

#1 DBMotorsports

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 15-July 11

Posted 16 July 2011 - 09:55 PM

I'm actually not going to expect much on this one, to be honest. It's so old, it still has the 3.5" floppy drive. No joke

HP somethin-or-other, Win XP Home Service Pack 2... heavy POS. I'm even having problems just running the Security Check. I've rebooted twice now, in an effort to get it to run. My patience might actually run out, and I'll just transfer my personal pictures etc onto a separate HD, and scrap it. Even now, a third time to reboot, it still won't load ...

stand by ...


*Edit - SOLVED! as best as I can expect, anyway

This post has been edited by DBMotorsports: 17 July 2011 - 04:16 PM


#2 boopme

  • To Insanity and Beyond
  • Group: Global Moderator
  • Posts: 48,775
  • Joined: 10-September 04
  • Gender: Male
  • Location: NJ USA

Posted 16 July 2011 - 10:10 PM

I am not sure if you have a booting computer. If so, can you download and run a quick scan?


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 DBMotorsports

Posted 16 July 2011 - 10:27 PM

Nah, I think I'm done. I can't even get it to open a browser page, or my email, let alone even open the Task Manager. I'll keep at it for awhile, but I think the PC's had it

#4 boopme

Posted 16 July 2011 - 10:34 PM

Try this
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

#5 DBMotorsports

Posted 16 July 2011 - 10:48 PM

I'd be glad to tell you the result, if it would even do that. I can't even get it to shut down properly. The hourglass shows up, as it should, but 7 seconds later ... absolutely nothing

#6 boopme

Posted 16 July 2011 - 11:00 PM

If it has a CD drive, you can create and boot it off a rescue disk.
Another option is to remove and connect the hard drive as a slave and scan it in another PC.

AVIRA RESCUE CD
Try creating this disk and boot off of it. You will need another computer to make this disk on.
Avira AntiVir Rescue System
Tutorial for Avira Rescue CD


How to Slave a Hard Drive
My last 2 ideas.

#7 DBMotorsports

Posted 16 July 2011 - 11:10 PM

I'll give this a shot, tomorrow morning. Tonight ... I've had as much as I can take from it. I'm __this__ close to doing what you had mentioned ... making the HD from the PC a slave

#8 DBMotorsports

Posted 17 July 2011 - 11:40 AM

boopme, on 16 July 2011 - 10:34 PM, said:

Try this
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

Ok, finally able to check this ... The only box checked is Automatically detect settings. The proxy server box was not checked when I clicked the LAN settings. And even getting to that point still took almost three minutes. Even as I type, I clicked the OK to close it out, and it's still in view

Again, I'll certainly take any help anyone is willing to give me, but I'm also not TOO concerned about this, just because of how old the PC is. So when that closes out, I'll start over with your first instruction, and see how that goes

#9 DBMotorsports

Posted 17 July 2011 - 03:27 PM

I think the PC might be done for. (Stolen.Data) everywhere was cleaned up. Example of one line of the log -

c:\Windows\system32\xm1dm\1252_ff_0000001345_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully


Also had a couple different trojans show up - Banker and Ambler, all quarantined and deleted. The log itself is very extensive, and disappointing. Do I dare post the results, anyway?
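For readers triaging a long scan log like the one described above, this added example (not part of the original posts, and not Malwarebytes code) groups result lines of the shape quoted in post #9 by detection name, lists items whose removal is still pending, and shows directories that hold several flagged files. Only the first sample line comes from the thread; the other lines, the detection names `Trojan.Banker` and `Trojan.Ambler`, and the "Delete on reboot" outcome are constructed assumptions.

```python
import ntpath
import re
from collections import Counter, defaultdict

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE_LOG = r"""
c:\Windows\system32\xm1dm\1252_ff_0000001345_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully
c:\Windows\system32\xm1dm\constructed_0001.htm (Stolen.Data) -> Quarantined and deleted successfully
c:\Windows\system32\constructed_a.exe (Trojan.Banker) -> Quarantined and deleted successfully
c:\Documents and Settings\user\constructed_b.dll (Trojan.Ambler) -> Delete on reboot
(constructed non-result line, skipped by the parser)
"""

# "<item> (<detection name>) -> <outcome>"; the lazy item match tolerates
# parentheses inside the path itself.
LINE_RE = re.compile(
    r"^(?P<item>.+?)\s+\((?P<detection>[^()]+)\)\s+->\s+(?P<outcome>.+?)\.?$"
)

def parse_log(text):
    """Return one dict per result line; header and blank lines are skipped."""
    return [m.groupdict() for line in text.splitlines()
            if (m := LINE_RE.match(line.strip()))]

def summarize(entries):
    """Group by detection name; list items whose outcome is not a completed removal."""
    summary = defaultdict(lambda: {"count": 0, "pending": []})
    for e in entries:
        bucket = summary[e["detection"]]
        bucket["count"] += 1
        if "successfully" not in e["outcome"].lower():
            bucket["pending"].append(e["item"])
    return dict(summary)

def repeated_dirs(entries, min_hits=2):
    """Directories holding several flagged files (case-insensitive, Windows paths)."""
    hits = Counter(ntpath.dirname(e["item"]).lower() for e in entries)
    return {d: n for d, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for name, info in sorted(summarize(entries).items()):
        print(f"{name}: {info['count']} item(s), {len(info['pending'])} pending")
    print(repeated_dirs(entries))
```

Pending items are the ones to recheck after the reboot the scanner asks for, and a directory with many hits is worth inspecting as a whole from a rescue disk or a second PC.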

#10 boopme

Posted 17 July 2011 - 03:42 PM

Those infections do mean the best solution is a reformat.

These allow hackers to remotely control your computer, steal critical system information and download and execute files.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.

#11 DBMotorsports

Posted 17 July 2011 - 03:54 PM

I was afraid of that, but, again, given the age of the PC, not surprised. So, thank you sire, for taking the time to help with this, but I think it's time I accept defeat, and pull the HD so I can retrieve my pictures and such, before scrapping it

*Edit - Even Spybot found a virtumonde.prx with 2 trojans in a couple autorun settings, messing up the registry values (did I explain that right??) And after a quick-n-dirty search about this, and finding an answer on Yahoo Answers, a user linked a solution to this website http://www.bleepingcomputer.com/malware-removal/remove-vundo-virtumonde

Oh well, it had a good run, while it lasted

This post has been edited by DBMotorsports: 17 July 2011 - 04:04 PM


#12 boopme

Posted 17 July 2011 - 04:06 PM

Good luck. Like I said, you may be able to scan it if you slave it.
