Remove the infected file(s) found by Kaspersky in the following location:
C:\Documents and Settings\Default User\Local Settings\History\svchost.exe
Malwarebytes Anti-Malware has a built-in FileAssassin feature for removing stubborn malware or other malicious files that it did not detect.
-- If the file returns, then you probably have other malware on your system which is protecting or regenerating it.
- Go to the "More Tools" tab and click on the "Run Tool" button
- Browse to the location of the file(s) to remove using the drop down box next to "Look in:" at the top.
- When you find the file, click on it to highlight, then select Open.
- You will be prompted with a warning message: "This file will be permanently deleted. Are you sure you want to continue?" Click Yes.
- If removal did not require a reboot, you will receive a message indicating the file was deleted successfully.
- Click Ok and exit MBAM.
- If prompted to reboot, then do so immediately.
Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to serious problems with your operating system.
The other detections are in HouseCall's Quarantine folder. When an anti-virus or security program quarantines a file by renaming and moving it into a virus vault (chest) or a dedicated quarantine folder, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive", especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be malicious, you can delete it at any time. Keep in mind, however, that if these files are left in quarantine, other scanning programs and security tools may flag them as a threat while in the quarantined area, so don't be alarmed if you see such an alert. Just delete the quarantined items and subsequent scans should no longer detect them.
Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop (alternate download link).
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.
- Save any unsaved work. TFC will close ALL open programs including your browser!
- Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
- Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
- TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
- Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Please perform a scan with SUPERAntiSpyware Online Safe Scan
- Be sure to follow the instructions provided on that same page.
- When the scan is complete, please post the results in your next reply.
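
The quarantine and heuristics behaviour described above, as an added example that is not part of the original post and not how any named product works internally: a toy scanner with one hash signature and one heuristic (a system process name found outside a `system32` folder). All names, file contents and the `.quar` suffix are constructed for illustration.

```python
import hashlib, shutil, tempfile
from pathlib import Path

# Constructed sample data, not real indicators.
KNOWN_BAD = {hashlib.sha256(b"constructed known sample").hexdigest()}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe"}

def scan(path, exclusions=()):
    """Return 'signature', 'heuristic' or None for one file."""
    if path in exclusions:
        return None
    if hashlib.sha256(path.read_bytes()).hexdigest() in KNOWN_BAD:
        return "signature"            # exact match on a known sample
    # Heuristic: a system process name outside a system32 folder.
    if path.name.lower() in SYSTEM_NAMES and path.parent.name.lower() != "system32":
        return "heuristic"
    return None

def quarantine(path, vault):
    """Disable a file by renaming it and moving it into the vault."""
    vault.mkdir(exist_ok=True)
    return Path(shutil.move(str(path), str(vault / (path.name + ".quar"))))

def restore(held, original):
    """Move a quarantined file back to its original location."""
    return Path(shutil.move(str(held), str(original)))

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {
            "known": (root / "dl" / "setup.exe", b"constructed known sample"),
            "variant": (root / "History" / "svchost.exe", b"new variant"),
            "legit": (root / "system32" / "svchost.exe", b"real service host"),
            "backup": (root / "backup" / "svchost.exe", b"real service host"),
        }
        for path, data in files.values():
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        out = {name: scan(path) for name, (path, _) in files.items()}
        vault = root / "vault"
        held = quarantine(files["known"][0], vault)
        out["known_in_vault"] = scan(held)   # renamed, but the hash still matches
        backup = files["backup"][0]
        held = quarantine(backup, vault)     # false positive is held, not deleted
        out["backup_gone"] = not backup.exists()
        restore(held, backup)
        out["backup_excluded"] = scan(backup, exclusions={backup})
        return out
```

Calling `demo()` shows the unknown variant caught only by the heuristic, the harmless backup copy flagged as a false positive and then restored and excluded, and the known sample still matching by hash while it sits in the vault.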