
One more PC, with svchost.exe problems


11 replies to this topic

#1 DBMotorsports

DBMotorsports

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 16 July 2011 - 09:55 PM

I'm actually not going to expect much on this one, to be honest. It's so old, it still has the 3.5" floppy drive. No joke

HP somethin-or-other, Win XP Home Service pack 2... heavy POS. I'm even having problems just running the Security Check. I've rebooted twice now, in an effort to get it to run. My patience might actually run out, and I'll just transfer my personal pictures etc onto a separate HD, and scrap it. Even now, a third time to reboot, it still won't load ...

stand by ...


*Edit - SOLVED! as best as I can expect, anyway

Edited by DBMotorsports, 17 July 2011 - 04:16 PM.



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:48 AM

Posted 16 July 2011 - 10:10 PM

I am not sure if you have a booting computer. If so can you download and run a quick scan?


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 DBMotorsports


Posted 16 July 2011 - 10:27 PM

Nah, I think I'm done. I can't even get it to open a browser page, or my email, let alone even open the Task Manager. I'll keep at it for awhile, but I think the PC's had it

#4 boopme


Posted 16 July 2011 - 10:34 PM

Try this
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

#5 DBMotorsports


Posted 16 July 2011 - 10:48 PM

I'd be glad to tell you the result, if it would even do that. I can't even get it to shut down properly. The hourglass shows up, as it should, but 7 seconds later ... absolutely nothing

#6 boopme


Posted 16 July 2011 - 11:00 PM

If it has a CD drive, you can create and boot it off a rescue disk.
Another option is to remove and connect the hard drive as a slave and scan it in another PC.

AVIRA RESCUE CD
Try creating this disk and boot off of it. You will need another computer to make this disk on.
Avira AntiVir Rescue System
Tutorial for Avira Rescue CD


How to Slave a Hard Drive
My last 2 ideas.

#7 DBMotorsports


Posted 16 July 2011 - 11:10 PM

I'll give this a shot, tomorrow morning. Tonight ... I've had as much as I can take from it. I'm __this__ close to doing what you had mentioned ... making the HD from the PC a slave

#8 DBMotorsports


Posted 17 July 2011 - 11:40 AM

Try this
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

Ok, finally able to check this ... The only box checked is Automatically detect settings. proxy server box was not checked when I clicked the LAN settings. And even getting to that point still took almost three minutes. Even as I type, I clicked the OK to close it out, and it's still in view

Again, I'll certainly take any help anyone is willing to give me, but I'm also not TOO concerned about this, just because of how old the PC is. So when that closes out, I'll start over with your first instruction, and see how that goes

#9 DBMotorsports


Posted 17 July 2011 - 03:27 PM

I think the PC might be done for. (Stolen.Data) everywhere was cleaned up. Example of one line of the log -

c:\Windows\system32\xm1dm\1252_ff_0000001345_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully


Also had a couple different trojans show up - Banker and Ambler, all quarantined and deleted. The log itself is very extensive, and disappointing. Do I dare post the results, anyway?

#10 boopme


Posted 17 July 2011 - 03:42 PM

Those infections do mean the best solution is a reformat.

These allow hackers to remotely control your computer, steal critical system information and download and execute files.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.

#11 DBMotorsports


Posted 17 July 2011 - 03:54 PM

I was afraid of that, but, again, given the age of the PC, not surprised. So, thank you sire, for taking the time to help with this, but I think it's time I accept defeat, and pull the HD so I can retrieve my pictures and such, before scrapping it

*Edit - Even Spybot found a virtumonde.prx with 2 trojans in a couple autorun settings, messing up the registry values (did I explain that right??) And after a quick-n-dirty search about this, and finding an answer on Yahoo Answers, a user linked a solution to this website http://www.bleepingcomputer.com/malware-removal/remove-vundo-virtumonde

OH well, it had a good run, while it lasted

Edited by DBMotorsports, 17 July 2011 - 04:04 PM.


#12 boopme


Posted 17 July 2011 - 04:06 PM

Good luck.. Like I said you may be able to scan it if you slave it.