
I think I'm fixed, for now


  • This topic is locked
13 replies to this topic

#1 Cherriemater

Cherriemater

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 28 August 2011 - 10:15 PM

Greetings ... I think Facebook horked up my 'puter. Had TONS of registry errors, bought FIT IT but it did nothing but make this svchost.exe eat up tons of CPU-age. I blocked some games (Smurfs and Six Gun Galaxy) that I thought might have also infected me, or new friends gained through those games ((I know, I know, I should boycott FB altogether)). Downloaded and started running Glary Utilities and this seemed to help a bunch with the registry errors, but svchost was still chomping away. I have Spybot/Teatimer and AVG free edition that run all the time. But even with manual scans on both, they couldn't seem to find the memory seepage issue or worm which I think I heard munching. I did, however, start to get more and more AVG Threat alerts to invasions (one with the "F" word, which I will not repeat). So ... out of desperation I called my faithful computer geek (got him outta bed 'cuz his cell was in the kitchen ... whoops) and he told me about ComboFix. He said it should fix all my issues. Having to turn off AVG during the ComboFix scan caused 69 Reg errors (??) but I fixed them with Glary.

So ... I haven't been on FB yet, but I have surfed a bit and the svchost issue is gone, for now. Would you be so kind as to look over my log and let me know if there is anything else I must do?? Thank you ever so much!!! This Fix has saved me the cost of a new window (was thinking of tossing 'puter through it yesterday) and a new computer (I don't think it would have bounced softly). Hope to hear from someone soon. :)

Nope! I was wrong ... I'm still infected with ??? I left my computer up so that AVG could run its scan at 3:00am and when I got up to go to the bathroom (diabetic with a small bladder = double trouble) I had the attached error on my screen: Generic Host 32 ...

It said to "click here for more info" and I did not, I took the screenshot and worked in the background then shut my computer down.

And ... svchost HOG is back. So, I'm truly stuck. Can anyone offer any help to both these issues???

Thanks ever so much.

Marti~

And, now the latest: svchost STILL hogs CPU and now my Realtek HD Sound driver keeps disappearing. I have to reinstall whenever I want to listen to something. Where does it go??? Why do I have to keep reinstalling???

Is there ANYONE OUT THERE?!?!!!?? Can anyone help me?!?!??!

Here's a summary of my issues:

svchost.exe takes up 30-75% of my CPU usage, slowing my computer. I have GLARY UTILITIES to check for registry issues and run this whenever it gets choked up. AVG is my antivirus and I'm getting two or three "Threat" quarantines per week now. I have run ComboFix but svchost is still chomping away. Now, I lose my sound two - 10 times per day. Does that happen when I "End Process" this svchost??

Someone, please help. Thanks.

Marti~

Merged posts. ~ OB

Edited by Orange Blossom, 02 September 2011 - 12:00 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:34 PM

Posted 02 September 2011 - 07:15 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please submit the logs and let me know what problem persists.

#3 Cherriemater


Posted 04 September 2011 - 09:16 PM

Thank you so much for answering my post. I did as prescribed above (had to reboot) and attached both logs.

Not only do I NOT have any sound (right click on Volume Control and it says there is no device loaded even though through troubleshooting it says that my Realtek HD is working properly) but now I get background "beeps" like something is closing. I go to the desktop, and there's nothing running and Windows Task Manager does not show any process.

Thanks in advance for any help you can offer.

Marti~


#4 Cherriemater


Posted 04 September 2011 - 09:55 PM

Update: What I've experienced so far ...

Played facebook games and svchost.exe has not spiked over 22k mem usage and no CPU usage (well, at least the ONE that was hogging it before. There are 5-6 svchosts running on my 'puter at all times). In addition, iexplore would spike up to 1mil Mem usage, and it ran tamely and games ran quickly (ZombieLane and Mystery Manor).

Previously, TeaTimer would spike up to 150k mem usage but now running below 20k ... perhaps less threats hitting or memory leakage solved??

Volume control seems to be working just fine, so far, after I reloaded the drivers.

I ran my Glary Utilities and it found no registry errors and I deleted all temp files.

Am now running Spybot and have AVG scan planned for normal 3:00am. I have, in the past, heard my computer shut down and restart on its own at night (how or why, I have no idea). I plan to leave it up tonight to see if I hear that again.

I am VERY pleased with whatever you asked me to download and run. So far so good. I look forward to your analysis and I'll keep you posted if anything "funny" occurs.

Thanks again.

Edited by Cherriemater, 04 September 2011 - 09:56 PM.


#5 nasdaq


Posted 05 September 2011 - 08:52 AM

Now run the aswMBR.exe tool again. This time select the Fix button.

Important > you need to wait for the tool to report ... Infection fixed successfully
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run the aswMBR.exe normally. Post the log.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Please post the logs and let me know what problem persists.

#6 Cherriemater


Posted 06 September 2011 - 09:52 AM

I ran the aswMBR.exe the first time and only FixMBR was my option. I selected that and when it finished it did not tell me to reboot. I saved the log where it was and then did a scan (thinking that if it found something I would have the option to "fix"). I did not and then ran FixMBR again. When it completed I saved the log (attached) and it did not ask me to reboot. I have NOT rebooted yet and will wait for direction from you.

I have not reloaded combofix yet. Should I uninstall the first version I loaded a week ago??

Thanks again!

Marti~


#7 nasdaq


Posted 06 September 2011 - 12:55 PM

Your MBR (Master Boot Record) looks OK.

Run ComboFix and if asked to update please do so.

Post the log when completed.

#8 Cherriemater


Posted 06 September 2011 - 02:51 PM

I'm so glad to hear it. Ran ComboFix and have attached the log. Can't thank you enough for all your help!!! Let me know if you see anything else. :)

Marti~


#9 nasdaq


Posted 06 September 2011 - 07:38 PM

The ComboFix looks clean.

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know of any remaining issues.

#10 Cherriemater


Posted 07 September 2011 - 07:11 PM

Everything has been working very well. I thank you SO MUCH for your help!! Attached is the Checkup. Opera running a bit slow while playing Zombielane ... but that could be an issue with the game itself. Other than that, no svchost hogups. Thanks again!!

Marti~


#11 nasdaq


Posted 08 September 2011 - 11:00 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    (For the x64 bit version download this one: jre-6u26-windows-x64.exe).
    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 21

===

An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. Adobe recommends... update to Adobe Flash Player 10.3.181.22

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

#12 Cherriemater


Posted 15 September 2011 - 06:42 PM

Howdy ... thanks so much for getting back to me. I have followed the above requests and, in the meantime, Microsoft has downloaded updates, which are now causing my CPU to go to 100% while IE8 is running. I use IE8, Opera and Firefox to play facebook games. Any thoughts on how I can clear up this new issue, or should I repost??

Thanks for all your help!! You've been GREAT!!

Marti~

#13 nasdaq


Posted 16 September 2011 - 09:19 AM

> Howdy ... thanks so much for getting back to me. I have followed the above requests and, in the meantime, Microsoft has downloaded updates, which are now causing my CPU to go to 100% while IE8 is running. I use IE8, Opera and Firefox to play facebook games. Any thoughts on how I can clear up this new issue, or should I repost??


Microsoft updates can be removed.

Restore your system to a date prior to the installation of this update.

If still having issues with the computer, download and run ComboFix. Post the log for my review.

#14 nasdaq


Posted 22 September 2011 - 07:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



