
Avast and svchost.exe


11 replies to this topic

#1 rungel


Posted 08 April 2015 - 07:33 AM

I'm getting the popup from Avast that scvlost.exe is infected or something.. Tried to download MiniToolBox as a previous user was doing.. and Avast was blocking it.. I had to disable Avast.. I'll try to post the MiniToolBox results

Sorry, I mean svchost.exe.. my eyesight is not so good this morning..

Edited by Queen-Evie, 08 April 2015 - 08:54 AM.
moved from Windows 7 to explore the possibility of malware




#2 rungel


Posted 08 April 2015 - 07:42 AM

It might not show many Event Viewer logs because I ran adaware cleaner and JRT

 

MiniToolBox by Farbar  Version: 09-03-2015
Ran by BillyD (administrator) on 08-04-2015 at 08:39:51
Running from "C:\Users\BillyD\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: P15SM-A/SM1-A Manufacturer: Notebook
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/08/2015 08:11:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/08/2015 08:13:13 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (04/08/2015 08:13:13 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.


Microsoft Office Sessions:
=========================
Error: (04/08/2015 08:11:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



=========================== Installed Programs ============================

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 8108.21 MB
Available physical RAM: 5819.21 MB
Total Pagefile: 16214.61 MB
Available Pagefile: 13709.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.43 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:476.6 GB) (Free:379.99 GB) NTFS
2 Drive d: () (Fixed) (Total:931.51 GB) (Free:929.45 GB) NTFS

========================= Users: ========================================

User accounts for \\BILLYD-PC

Administrator            BillyD                   Guest                    


**** End of log ****
 



#3 rungel


Posted 08 April 2015 - 07:46 AM

http://speccy.piriform.com/results/rpkYk2iP66plcd57kS1Y06F



#4 rungel


Posted 08 April 2015 - 08:11 AM

I've uploaded the file to virustotal but nothing was found..

 

Thank you for any help



#5 Queen-Evie


Posted 08 April 2015 - 08:53 AM

I'm getting the popup from avast that scvlost.exe is infected or something


What exactly does the pop up say?

#6 rungel


Posted 08 April 2015 - 08:54 AM

Seems it's a different URL each time the computer is rebooted
URL:hxxp://epictory.com/3232/StatRunner_142247497717391.dll
Infection:URL:Mal
Process:C:\Windows\System32\svchost.exe

Edited by computerxpds, 08 April 2015 - 10:06 AM.
Malicious URL removed to protect BC members


#7 Union_Thug


Posted 08 April 2015 - 10:03 AM

Seems it's a different URL each time the computer is rebooted
URL:hxxp://epictory.com/3232/StatRunner_142247497717391.dll
Infection:URL:Mal
Process:C:\Windows\System32\svchost.exe

Malicious URL:
https://www.virustotal.com/en/url/1945ae771f43b2c6eb2026732d9eb287767bcfb4d45ed266bbf12e491ec4b4cc/analysis/1428505031/

https://www.virustotal.com/en/ip-address/37.48.117.50/information/

http://sitecheck.sucuri.net/results/epictory.com

http://quttera.com/detailed_report/epictory.com



#8 rungel


Posted 08 April 2015 - 10:19 AM

https://www.dropbox.com/s/9w57ns5tyzxzkga/Capture.PNG?dl=0



#9 rungel


Posted 08 April 2015 - 10:52 AM

Even when the computer is not being used I get a popup: https://www.dropbox.com/s/knu6hkhh35c5yfp/Untitled1.jpg?dl=0



#10 rungel


Posted 08 April 2015 - 12:57 PM

I have seen over at the Avast forums that this has been a problem.. I think it's fixed..



#11 Union_Thug


Posted 08 April 2015 - 01:07 PM

I have seen over at the Avast forums that this has been a problem.. I think it's fixed..

 

Link would be helpful. :whistle:



#12 rungel


Posted 08 April 2015 - 01:39 PM

Oh sorry.. I had it bookmarked and for some reason I lost it.. but I followed the directions they gave a few people.. I followed the directions a few other people had.. I ran FRST.exe and did this fix

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by BillyD at 2015-04-08 13:50:20 Run:1
Running from C:\Users\BillyD\Desktop\Virus folder
Loaded Profiles: BillyD (Available profiles: BillyD)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{2BA9D3A6-96CE-4B1C-862B-9253AC5E26EE} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 501.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:50:39 ====

 

Then I ran DelFix. Seems to be fine now.. and faster

 

I'll still try and find a link for it..
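The fixlog above shows `bitsadmin /reset /allusers` cancelling a BITS job, which is the mechanism by which a download can be re-queued inside svchost.exe (the BITS service host) on every reboot. The bitsadmin banner itself points to the PowerShell replacement; the following is an added example, not part of the thread or of FRST, that records every user's BITS jobs and their remote URLs before removing them, so the evidence is not lost the way a bare reset loses it. It assumes an elevated session and uses only the standard BitsTransfer cmdlets; the flagged host pattern is taken from the alert quoted earlier in the thread.

```powershell
# Added example (not from the thread): inventory BITS jobs for all users
# before resetting them. Run from an elevated PowerShell prompt.
Import-Module BitsTransfer

function Get-BitsJobReport {
    param(
        # Regex matched against each job's remote URL; matches are flagged.
        [string]$SuspectHostPattern = ''
    )
    # -AllUsers is why the thread's fix used '/allusers': a job queued by
    # another account (or by a service) is invisible to a per-user listing.
    Get-BitsTransfer -AllUsers | ForEach-Object {
        $job = $_
        foreach ($file in $job.FileList) {
            $isSuspect = ($SuspectHostPattern -ne '' -and
                          $file.RemoteName -match $SuspectHostPattern)
            [pscustomobject]@{
                JobId       = $job.JobId
                DisplayName = $job.DisplayName
                Owner       = $job.OwnerAccount
                State       = $job.JobState
                RemoteName  = $file.RemoteName   # where svchost.exe would fetch from
                LocalName   = $file.LocalName    # where the file would land on disk
                Suspect     = $isSuspect
            }
        }
    }
}

# 1. Review the queue first; the pattern is the host from the Avast alert.
$report = Get-BitsJobReport -SuspectHostPattern 'epictory\.com'
$report | Format-Table -AutoSize

# 2. Keep a copy for the thread/helper before anything is removed.
$report | Export-Csv -Path "$env:USERPROFILE\Desktop\bits-jobs.csv" -NoTypeInformation

# 3. Equivalent of 'bitsadmin /reset /allusers': cancel every queued job.
Get-BitsTransfer -AllUsers | Remove-BitsTransfer
```

A job whose RemoteName is a URL the user never asked for, owned by an account that should not be downloading anything, is the finding worth reporting; resetting without the CSV leaves nothing to show what was queued.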





