
SVCHOST.exe in temp



#1 Weedcloud


Posted 15 February 2015 - 01:53 PM

I got one too in my temp; it is easy to get it out and ban it forever.

No virus scanner can solve the job; I tried some but it always comes back.

What I did is I intercepted the log. It's a data miner called Claymore CryptoNote CPU Miner v3.4 Beta.

In the log is an IP address and a website.

What you do is block the website in your hardware firewall (modem) and it's never coming back.

Then use UNLOCKER to remove the locked svchost.exe in your TEMP.

Here are the addresses:

 

pool.cryptmonero.com

cryptmonero.com

 

IP:46.165.232.77:1001

 

Hope I was helpful.

Enjoy your speed.


Edited by hamluis, 15 February 2015 - 02:32 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 oobymach


Posted 28 February 2015 - 06:54 PM

I just had the same infection; svchost.exe was running high CPU, so I opened its location and it was in my Windows temp folder.

I deleted it and restarted but it came back, so I looked in my router's log and found an attack originating from the same IP address (46.165.232.77). After blocking that in my router's firewall, deleting my pagefile and restarting, all is well, no more infection.


Edited by oobymach, 28 February 2015 - 06:55 PM.
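
As an added example (not part of either post above): a PowerShell check for the symptom both posters describe, a process named svchost.exe whose image is not in the Windows system directory. The function name `Get-SvchostVerdict`, the process IDs and the sample paths are constructed for illustration.

```powershell
# Added example: classify processes named svchost.exe by where their image
# lives. Function name and sample rows are constructed, not from the thread.
function Get-SvchostVerdict {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [AllowNull()] [AllowEmptyString()] [string] $ExecutablePath,
        [string] $SystemRoot = $env:SystemRoot
    )
    if ($Name -ine 'svchost.exe') { return 'not-svchost' }
    # ExecutablePath comes back empty when the caller lacks rights to read it,
    # so an empty value means "re-run elevated", not "clean".
    if ([string]::IsNullOrWhiteSpace($ExecutablePath)) { return 'unknown-path' }
    $expected = @(
        (Join-Path $SystemRoot 'System32\svchost.exe'),
        (Join-Path $SystemRoot 'SysWOW64\svchost.exe')
    )
    # Normalize so equivalent spellings of the same path compare equal.
    $full = [System.IO.Path]::GetFullPath($ExecutablePath)
    if ($expected -icontains $full) { return 'expected' }
    return 'suspicious'
}

# Constructed sample rows shaped like Win32_Process output.
$sample = @(
    [pscustomobject]@{ ProcessId = 812;  Name = 'svchost.exe'; ExecutablePath = 'C:\Windows\System32\svchost.exe' }
    [pscustomobject]@{ ProcessId = 4242; Name = 'svchost.exe'; ExecutablePath = 'C:\Windows\Temp\svchost.exe' }
    [pscustomobject]@{ ProcessId = 964;  Name = 'svchost.exe'; ExecutablePath = $null }
)

# For a live check, replace $sample with: Get-CimInstance -ClassName Win32_Process
# and drop the -SystemRoot argument so the machine's own %SystemRoot% is used.
$sample | ForEach-Object {
    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Path      = $_.ExecutablePath
        Verdict   = Get-SvchostVerdict -Name $_.Name -ExecutablePath $_.ExecutablePath -SystemRoot 'C:\Windows'
    }
} | Where-Object Verdict -ne 'expected' | Format-Table -AutoSize
```

A `suspicious` verdict identifies the running copy only; it does not show what relaunches it, which is why the file reappeared after deletion in both posts.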




