Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost infections


  • This topic is locked This topic is locked
8 replies to this topic

#1 ctsllc

ctsllc

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:usa
  • Local time:04:00 AM

Posted 02 December 2008 - 08:40 PM

memory is being consumed by svchost aplications running - taking up 78% of memory. not sure how tp proceed. here is the hj this log


--

Attached Files



BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:04:00 AM

Posted 15 December 2008 - 12:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 ctsllc

ctsllc
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:usa
  • Local time:04:00 AM

Posted 16 December 2008 - 09:07 PM

OK thanks, i had actually thought that you guys had forgotten me. Here is the DDS file that you requested. thanks for your help

Attached Files

  • Attached File  DDS.txt   8.81KB   13 downloads


#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:00 AM

Posted 16 December 2008 - 10:08 PM

Hello, ctsllc
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 ctsllc

ctsllc
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:usa
  • Local time:04:00 AM

Posted 18 December 2008 - 09:03 PM

thanks i ran the scan and it found no threats. there was not a place to save a log file, only a screen to to but their products

#6 ctsllc

ctsllc
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:usa
  • Local time:04:00 AM

Posted 19 December 2008 - 07:03 PM

ok sometimes i am a bit slow

here is the log file
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3704 (20081218)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=47cd5a46f9e2284fbf11fc236d9ac682
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-19 02:35:50
# local_time=2008-12-18 09:35:50 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=231442
# found=0
# scan_time=2465

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:00 AM

Posted 20 December 2008 - 09:37 AM

Hello, ctsllc
Sorry it took so long.. yesterday I was REALLY tired and didn't want to risk making major mistakes on people's machines ;)

As far as I can tell this system is clean. I think the RAM being used is part of Vista's SuperFetch feature, whereby it attempts to cache disk requests to RAM in order to reduce load on the disk and increase application speed.

Do you have any other symptoms?

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#8 ctsllc

ctsllc
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:usa
  • Local time:04:00 AM

Posted 20 December 2008 - 10:23 AM

actually iremoved a sentinal driver for a drafting program that apparently had done something to the system, it is better alothough not a good as it was. as long as there is nothing evil at work i guess i am ok. thanks for you help

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:00 AM

Posted 20 December 2008 - 11:19 AM

Hello, ctsllc
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users