Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SvcHost.exe auto launches and downloads Jscripts


  • This topic is locked This topic is locked
3 replies to this topic

#1 UnredBenzer

UnredBenzer

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 April 2014 - 03:31 PM

Have this issue with SvcHost.exe running, downloading tons from the internet, and then playing audio on the speakers. I found many similar postings, about the audio, but not any related to SvcHost being rogue.

My system: Windows 7 SP1 64-bit

 

Here are the symptoms:

  • SvcHost.exe will launch by itself.
  • In task manager, the command line shows no path or parameters, just the word svchost.exe
  • If I end task, it will relaunch in exactly 11 minutes from the time it was killed.
  • When launched, if I have my network patch cable disconnected, the memory it takes is about 2 to 3 MB and does not grow.
  • If I am attached to the network/internet, memory it takes grows and grows. One time it was over a gig in memory.
  • I used Wireshark to watch all the places it talks to. Many looked evil.
  • If I kill svchost.exe, the talking stops. It resumes talking when it relaunches 11 minutes later.
  • All that data it puts into memory, will cause the audio to play, sometimes multiple things, that sound like ads or someone reading the news.
  • It seems to have disabled  the ability to do Windows Updates…they error out.
  • My restore points only go back to last Thursday. Thursday is when the audio stuff happened.
  • The only thing that I can tell happened that day was an auto update to Google Chrome. It ran even though no one was on the computer.

Items I have tried

  • Scanned with McAfee Security Center (Cox Communications Suite) and found nothing, though it has claimed many stopping of attempts in the past week.
  • Scanned with Rouge Killer.
    • It will see the rouge svchost.exe running and kill it, but can not tell me why it ran.
    • It did other cleaning the first time, but nothing else has returned.
  • Scanned with Malwarbytes Anti Malware too. Nothing found.
  • Scanned with Malwarbytes MBAR (root killer?)tool. Still nothing found
  • Tried Combo Fix and nothing automatically found. I can post the logs from it if needed.
  • Tried Adwcleaner and it found nothing.
  • ESET Online Scan: Nothing found either

I am sure I am infected by something, but what tools can I use next?

 

Thanks

-Dennis

 



BC AdBot (Login to Remove)

 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:03:01 AM

Posted 13 April 2014 - 03:46 PM

Hi Dennis,

I suggest you start a new topic on the Virus, Trojan, Spyware, and Malware Removal Logs section and post all the logs you got from all those tools.

 


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 UnredBenzer

UnredBenzer
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 April 2014 - 03:47 PM

Will do. (Was not sure exactly where to start) Thanks!



#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,099 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:07:01 PM

Posted 13 April 2014 - 04:21 PM

Hello,

Now that you have posted a topic with log to follow as suggested here: http://www.bleepingcomputer.com/forums/t/530933/svchostexe-auto-launches-downloads-data-and-play-audio/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users