My Computer Is Acting Funky...is This A Virus? (\system32\svchost.exe)


13 replies to this topic

#1 PrincessDixieBElla

PrincessDixieBElla

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Somewhere in Georgia
  • Local time:07:52 AM

Posted 05 October 2008 - 08:07 AM

Howdy y'all!

My name is Kathryn and I've got a little bit of a problem. My darling of a boyfriend likes to get on the computer, doing whatever it is he likes to do for several hours. By the time I get around to getting my turn back on the comp, I've got to repair, reinstall, buy new network adapters, or a new computer. In two and a half years this is the third computer that has started acting up and I'm desperately trying to figure out what's wrong and fix this comp before he gets mad at it and makes it a lawn ornament like the other two. I just did a full factory restore on this rootin' thing and was trying to reinstall the basic programs we first had. I don't know what he did or what he attempted to do or what he looked at, but.......

Windows\system32\svchost.exe

Rundll32.exe

Those are two constantly reoccurring files that keep accessing the user accounts on the computer in my event log files. I cannot get my AT&T Internet Security Suite to restart and from scanning over the files it looks like some other Internet Security has been installed.

Authentium Antivirus SDK

A virus scan had been run at some point in the past few days. I will admit to rushing and deleting the files that were in quarantine. I think it was

INF.IMAGE.PNF (possible boot sector virus in file) is what it said.

I haven't attempted to try any kind of virus extraction, scans, anything and mess up the computer worse than it is. I've spent most of the morning looking all over the internet for what it could have, details, etc. and I came across y'all on the google search engine.

If y'all could help me, I would be most grateful.

If y'all could help me and this computer before he decides to get back on it, I would cook y'all dinner.....


Sincerely,

Kathryn

Edited by PrincessDixieBElla, 05 October 2008 - 08:35 AM.




#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:52 AM

Posted 05 October 2008 - 08:38 AM

Welcome to bleepin


http://www.bleepingcomputer.com/forums/ind...st&p=953398

regarding the new AV

would you run MBAM

http://www.bleepingcomputer.com/forums/ind...mp;#entry944365

we will have to deal with your darlin Bubba later

Edited by DaChew, 05 October 2008 - 08:39 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 PrincessDixieBElla


Posted 05 October 2008 - 08:54 AM

Alrighty. I ran the program then had to figure out how to reply to you....ummm....I didn't scan cause you only told me to run...I didn't want to just assume

#4 DaChew


Posted 05 October 2008 - 08:55 AM

follow all the directions in my link exactly
Chewy

No. Try not. Do... or do not. There is no try.

#5 PrincessDixieBElla


Posted 05 October 2008 - 09:13 AM

That's odd. That didn't take as long as it normally would, even in quick scan.
But here's the report. I think I did it right...

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 6.0.6001 Service Pack 1

10/5/2008 10:08:20 AM
mbam-log-2008-10-05 (10-08-20).txt

Scan type: Quick Scan
Objects scanned: 77153
Time elapsed: 9 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 DaChew


Posted 05 October 2008 - 09:26 AM

this one will take longer

with vista be sure and run atf cleaner as administrator

http://www.bleepingcomputer.com/forums/ind...mp;#entry948894

I prefer to run atf cleaner from my docs since I usually can't find it in safe mode on my overcrowded desktop
Chewy

No. Try not. Do... or do not. There is no try.

#7 PrincessDixieBElla


Posted 05 October 2008 - 09:34 AM

I'm sorry, I think things over too much and confuse myself. Do you want me to do what that whole section says, or just the ATF Cleaner?

#8 DaChew


Posted 05 October 2008 - 09:45 AM

No, we need a full scan with SAS, just follow the directions step by step

Expect it to take about an hour or so
Chewy

No. Try not. Do... or do not. There is no try.

#9 PrincessDixieBElla


Posted 05 October 2008 - 10:46 AM

I ran into a little bit of a problem when I was restarting. Apparently an operating system file grew legs and made itself scarce from the hard drive, so the computer did a system restore from I don't know how many days ago, but everything that I downloaded today was taken out of the computer. What would you like for me to do now???

Edited by PrincessDixieBElla, 05 October 2008 - 10:47 AM.


#10 DaChew


Posted 05 October 2008 - 11:04 AM

I would call AT&T and get directions for disabling their AV suite and start over in the process I have already given you.
Chewy

No. Try not. Do... or do not. There is no try.

#11 PrincessDixieBElla


Posted 05 October 2008 - 11:10 AM

talk to you in an hour or so I guess....

#12 PrincessDixieBElla


Posted 05 October 2008 - 11:29 AM

Here we go again......MBAM scan results


Malwarebytes' Anti-Malware 1.28
Database version: 1230
Windows 6.0.6001 Service Pack 1

10/5/2008 12:28:06 PM
mbam-log-2008-10-05 (12-28-06).txt

Scan type: Quick Scan
Objects scanned: 72335
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I'll be starting on the scan and ATF like.....now

Edited by PrincessDixieBElla, 05 October 2008 - 11:35 AM.


#13 PrincessDixieBElla


Posted 06 October 2008 - 02:13 PM

Alright mister.....I'm gonna lay it down for you. My computer for some reason will not allow me to start in safe mode. The one &@$^% time I need safe mode and the computer goes through the system files, it will go back to the F8 boot up screen, say the operating system doesn't have all the files installed, and will proceed to boot up the computer in normal mode.....????.......and that's that.

I went on ahead and ran the scan in damn normal mode as well as the ATF cleaner, but other than that I don't know what to do

#14 DaChew


Posted 06 October 2008 - 05:32 PM

http://www.bleepingcomputer.com/forums/ind...mp;#entry961561

It might take a while as there's usually a long wait but your best chance is with the more powerful tools than we use here
Chewy

No. Try not. Do... or do not. There is no try.



