
Computer Sluggish, svchost.exe overacting, etc.


  • This topic is locked
12 replies to this topic

#1 Dragonite

Dragonite

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 14 May 2012 - 08:19 PM

Basically this:

http://i.imgur.com/H90d9.png

Svchost.exe has been exploding as of late. Malwarebytes and Avast decide to freeze up mid-scan, Rkill doesn't pick up anything except rundll32.exe and terminates it, and nothing else can seem to pick up what is causing all of this. Assistance would be great.

Edited by Dragonite, 14 May 2012 - 08:28 PM.



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:30 AM

Posted 14 May 2012 - 08:48 PM

Hello, would you run these please.
You should read this short item >> What is svchost.exe And Why Is It Running?

Did you also try RKill / Malwarebytes from safe mode?
Did you reboot in between running these two apps?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Edited by boopme, 14 May 2012 - 08:50 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Dragonite


Posted 14 May 2012 - 09:11 PM

I ran both Avast and Rkill from safe and regular mode, and did a boot scan, which also froze up, and I also rebooted.

I ran both programs you told me to, but aswMBR.exe caused a blue screen once it started scanning.

Here are the logs to the MiniToolBox, though.

http://pastebin.com/eAwJKYSd

Should I try running aswMBR again?

#4 boopme


Posted 14 May 2012 - 09:52 PM

Try it again please, safe mode if needed.


About this
Did you reboot in between running these two apps?

In other words, do not reboot your computer after running rkill and before MBAM or aswMBR, as the malware programs will start again. Or if rebooting is required run it again.



Do you know what these two partitions are?
1024.4 Drive f: () (Removable) (Total:1.83 GB) (Free:0.45 GB) FAT
1025.5 Drive g: () (Removable) (Total:1.84 GB) (Free:1.04 GB) FAT




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Edited by boopme, 14 May 2012 - 09:52 PM.


#5 boopme


Posted 14 May 2012 - 09:57 PM

Also.... Do this after you complete those.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


#6 Dragonite


Posted 14 May 2012 - 10:08 PM

I ran everything in Safe Mode and regular mode without rebooting between each scan. I only rebooted if I was forced to.

The two removable drives are just SD cards, one I am using to transfer the scanners and logs to this computer.

Should I run TDSSKiller in Safe Mode or regular mode?

#7 boopme


Posted 14 May 2012 - 10:17 PM

OK, I was checking if malware created partitions.
Run in normal if you can.

Edited by boopme, 14 May 2012 - 10:18 PM.


#8 Dragonite


Posted 14 May 2012 - 10:46 PM

Okay, here's the TDSSKiller log:

http://pastebin.com/hrvGdyPD

And I'm updating Java.

#9 boopme


Posted 15 May 2012 - 01:01 PM

Ok, looks clean.

#10 Dragonite


Posted 15 May 2012 - 01:20 PM

Ok, looks clean.


It's still displaying symptoms, though.

#11 boopme


Posted 15 May 2012 - 01:34 PM

No problem. To see where or what is hidden we need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#12 Dragonite


Posted 15 May 2012 - 07:15 PM

No problem. To see where or what is hidden we need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.


I wasn't able to get GMER running because of this: http://i.imgur.com/ksOYA.png

Also, here are the logs: http://www.bleepingcomputer.com/forums/topic453774.html

#13 hamluis

hamluis

    Moderator


  • Moderator
  • 55,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:30 AM

Posted 16 May 2012 - 05:07 AM

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Your malware log topic is awaiting a response for you.

To avoid confusion, I am closing this topic.

Louis



