Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

major svchost virus? im lost! :(


  • Please log in to reply
3 replies to this topic

#1 laly

laly

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 10 March 2009 - 11:42 AM

hi all, i have a dell inspiron 5100 laptop, in the last few days ive been recieving error messages which say "svchost.exe - application error, The instruction at "0x75606eb5" referenced memory at "0x00000008". the memory could not be "read". Click on ok to terminate the program" sometimes the numbers are different, depending on which program is tryng to run etc ,also my internet explorer or firefox wouldnt connect (although my wireless connection looked fine). restarted (which im told wasnt a good move?) managed to get a net connection but only to certan websites, eg. i could get google but if i clcked any links it went to pages lke stopzilla etc, also my browsers r set to open a new tab on clicking a link but it kept opening new browsers, also for some reason the language bar keeps appearing in wierd places (i never usually have the language bar on) I cant get any of my antivirus or antimalware programs to update, i cant get my windows firewall to switch on, it wont start in any safe mode apart from "safe mode with networking" ive scanned with agv, comodo, mbam, spybot and adaware and nothing is coming up. hmm... i think thats it for symptoms ....aargh!
if someone could help me id very much appreciate it, ive done most of the things suggested on other forums etc (including running the symantec w32.welchia.worm remover and the w32.sasser.worm remover, to no avail) im lost!
as i speak i now have no net connection on the machine.

Im running xp pro, up to date with updates,
was using comodo, but now using agv, i have adaware, spybot, HJT & malwarebytes.

Thanks in advance
Leanne x

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:06 AM

Posted 10 March 2009 - 12:51 PM

Hello, your malware bytes scan came back clean too?
Please read post 2 here by our quietman7 on this topic and ket us know.
http://www.bleepingcomputer.com/forums/top...ml#entry1171666
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 laly

laly
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 10 March 2009 - 04:17 PM

hi there,
malwarebytes is coming up clean right now, a quick scan i did on 24th feb came up with 2 infected reg keys which i deleted, my laptop was fine at the time, my problems only started around the 3rd march. Agv wont complete a scan in normal mode, it has completed a command line scan in safe mode w/networking (laptop wont start in basic safe mode) which came up clean. I managed to get adaware to complete a quick scan and it came up with tracking cookies:
hitbox
.hitbox
adbrite
pointroll
ads.pointroll
adserver
adserv
adserve
unicast
omniture
.stats.esomniture
hit.gemius
estat
kontera
partypoker
2o7
specificclick
uk.sitestat
.lycos

all of which i quarentined and deleted.

I followed the instructions on the link you posted and the svchost.exe processes r as follows:

924 Dcomlaunch, TermSvc

1004 RpcSs

1084 Dnscache

1140 LmHosts, Remote Registry, SSDPSRV WebClient

1696 BthServ

1824 stisvc

3020 BITS, Event System, SENS W32 Time, winmgnt

Do you suggest i install one of the process management programs on my computer? is=f so which one?

Hope this all helps. I do have a hjt log if you need it.

Thanks,
Leanne x

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:06 AM

Posted 10 March 2009 - 05:59 PM

Ho laly, withthe safe mode issue it's probably best and safest to run HJT.
Please follow this guide. go and do steps 6 and 7 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users