
Please Help Me Out, Major Malware Attack. Maybe Vundo?



#1 drhowe


Posted 04 June 2008 - 05:29 PM

Hello all,

Running XP Home Edition. First post on BC, but only out of necessity. You guys have come through for me many many times. But I'm stumped on this one. Here's a bit of history. Picked up something from visiting a link on Reddit (doh, so much for The Wisdom of the Crowd). Computer slowed to a halt the next morning, almost unusable. Pop-ups everywhere, hijacking of all adsense ads. Had to delete Mozilla cause some rogue extension was installed. Also, the strangest thing is it has somehow disabled Google and Yahoo searches and seems to know when I am trying to visit/download antivirus sites/software. Live searches and other 2nd tier engines work fine though.

I ran AVG, Avast, Spybot Search & Destroy, even Malwarebytes. All detected numerous problems and I deleted or quarantined everything. The speed of the computer has improved greatly. But now I get these errors at Startup:

C:\WINDOWS\svchost.exe

Windows cannot find 'C:\WINDOWS\svchost.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

(hit ok)

window pops up saying: Desktop

Could not load or run 'C:\WINDOWS\svchost.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.


Also, Automatic Updates turns off on reboot. No matter what I do, even through the control panel, etc.

Any help would be appreciated, this is my girlfriend's computer and she's not going to cook me dinner ever again if I can't fix it. :thumbsup: Also, nothing is backed up :flowers:

THANKS. DrHowe



#2 Budapest


Posted 04 June 2008 - 05:40 PM

svchost.exe normally lives in the C:\WINDOWS\System32 directory. The one in the error message you are getting, C:\WINDOWS\svchost.exe, was the virus. Typically when you get a virus it makes an entry in your registry instructing your computer to run the virus every time you start. Your antivirus found the virus and deleted it, but this entry is still in your registry, which is why you are getting the error message. Using the AutoRuns utility you should be able to locate this entry and delete it.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
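
A read-only check for the situation described in post #2, as an added example that is not part of the original thread: it lists the entries in a few common autostart registry keys and flags targets that no longer exist, or an svchost.exe that sits outside System32. The key list, the function names and the use of PowerShell 3.0 or later are assumptions of this example; AutoRuns inspects many more locations.

```powershell
# Added example: read-only audit of a few common autostart registry locations.
# The key list is this example's choice; nothing is modified or deleted.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'  # only "load" and "run" are read
)
$system32 = Join-Path $env:SystemRoot 'System32'

function Get-TargetPath([string]$Command) {
    # Pull the executable out of a command line (quoted, or up to the first extension).
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|bat|cmd|com|scr))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Get-AutostartFinding([string]$Path) {
    # Only fully qualified paths are judged; bare names resolve through PATH.
    if ($Path -notmatch '^[A-Za-z]:\\') { return 'not checked (no full path)' }
    $cut  = $Path.LastIndexOf('\')
    $leaf = $Path.Substring($cut + 1)
    $dir  = $Path.Substring(0, $cut)
    if ($leaf -ieq 'svchost.exe' -and $dir -ine $system32) { return 'svchost.exe outside System32' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'target file missing (orphaned entry)' }
    return 'ok'
}

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item  = Get-Item $key
    $names = $item.GetValueNames()
    if ($key -like '*\Windows NT\*') { $names = $names | Where-Object { $_ -in 'load', 'run' } }
    foreach ($name in $names) {
        $value = [string]$item.GetValue($name)
        if (-not $value.Trim()) { continue }
        $target = Get-TargetPath $value   # first program only if several are listed
        [pscustomobject]@{
            Key = $key; Name = $name; Target = $target
            Finding = Get-AutostartFinding $target
        }
    }
}
```

Piping the output to `Where-Object Finding -ne 'ok'` leaves only the entries worth reviewing in AutoRuns.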

#3 TMacK


Posted 04 June 2008 - 08:00 PM

Hello drhowe,

Since you have a HJT log posted in the HijackThis Logs and Malware Removal forum, I'm going to close this Topic.

You shouldn't make any changes to your system while your HJT log is posted, as that could change the results of the posted log, making it difficult to properly clean your system.
At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

If you have any questions, don't hesitate to send me a PM.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



