
Autoscansvc


  • This topic is locked
4 replies to this topic

#1 JohnBailo


Posted 03 October 2015 - 10:56 PM

While trying to diagnose a slow Windows 7 system, I found this in my Windows Services list (no description) 

 

AutoScanSvc

 

See attached screen capture.   The Stop/Start/Pause/Resume buttons are all greyed out.
The drop down has it set to Auto.
(Since I can set it to Disabled I think I will and reboot.)

 

The service starts:


"C:\Windows\autoscan\AutoScanSvc.exe" run

 

 

In C:\Windows\autoscan are these files:
 

10/03/2015  07:28 AM    <DIR>          .
10/03/2015  07:28 AM    <DIR>          ..
04/24/2013  10:31 AM               798 AutoScanSvc Install.lnk
04/24/2013  10:31 AM               796 AutoScanSvc Remove.lnk
10/03/2015  04:07 PM            22,525 AutoScanSvc.dat
07/22/2015  09:53 AM         1,000,563 AutoScanSvc.exe
10/03/2015  07:32 AM             4,031 AutoScanSvc.log
10/01/2015  08:25 PM            68,387 AutoScanSvcSetup.log
               6 File(s)      1,097,100 bytes
               2 Dir(s)  134,971,785,216 bytes free
 
 
Should I worry?

I recently ran ComboFix and AdwCleaner on this machine.  
 
ComboFix identified it here:
 
R2 AutoScanClient;AutoScan Client;c:\windows\autoscan\AutoScanSvc.exe run [x]
 
But I'm not sure if it did anything about it.
 
My logs are attached.
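
A read-only check for the question raised in the post above, as an added example that is not part of the original thread: it looks up a service by name, resolves the executable from its command line, and reports the Authenticode signature, version metadata, timestamps and SHA-256 of that file. The default service name comes from the post; the script assumes Windows PowerShell 2.0 or later, run from an elevated prompt.

```powershell
# Added example: read-only triage of one Windows service and its binary.
# The default name is the service from the post; nothing here changes the system.
param([string]$ServiceName = 'AutoScanSvc')

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { Write-Warning "Service '$ServiceName' is not registered."; return }

# PathName holds the full command line; separate the executable from its arguments.
if ($svc.PathName -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
elseif ($svc.PathName -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
else { $exe = $svc.PathName }

$file = Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue
if (-not $file) { Write-Warning "Service binary not found: $exe"; return }

# Authenticode status: 'Valid' = signed and trusted, 'NotSigned' = no signature at all.
$sig = Get-AuthenticodeSignature -FilePath $exe
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

# SHA-256 through .NET, because Get-FileHash is absent on a stock Windows 7 install.
$sha = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($exe)
try { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
finally { $stream.Dispose() }

New-Object PSObject -Property @{
    Name        = $svc.Name
    DisplayName = $svc.DisplayName
    Description = $svc.Description      # empty here matches "no description" in the post
    StartMode   = $svc.StartMode
    State       = $svc.State
    RunsAs      = $svc.StartName
    CommandLine = $svc.PathName
    Binary      = $exe
    Signature   = $sig.Status
    Signer      = $signer
    Company     = $file.VersionInfo.CompanyName
    FileVersion = $file.VersionInfo.FileVersion
    Created     = $file.CreationTime
    Modified    = $file.LastWriteTime
    SHA256      = $hash
} | Select-Object Name, DisplayName, Description, StartMode, State, RunsAs,
    CommandLine, Binary, Signature, Signer, Company, FileVersion,
    Created, Modified, SHA256 | Format-List
```

The SHA-256 value can be looked up on a file-reputation service without uploading the file itself. A valid signature identifies the publisher but does not by itself show the program is wanted.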
 

#2 JohnBailo


Posted 06 October 2015 - 12:11 PM

I ended up doing an sc -delete autoscansvc since leaving it disabled did not seem to affect anything.

Eventually I'll delete the .exe files on disk when I'm really sure it does nothing or is absolutely malware.



#3 polskamachina

  • Malware Response Team

Posted 06 October 2015 - 09:52 PM

Hi JohnBailo :)
 
Let me officially welcome you to the Virus, Trojan, Spyware, and Malware Removal Logs forum. My name is polskamachina and I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's begin.
 
First, please click on this link and carefully read the preparation guide. I would like you to replace the instructions in steps 6 and 7 with the ones below.
 
Please download the 32-bit version of the Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click FRST then click Run as administrator.
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory from which the tool was run.
  • Please copy and paste the log into your next reply to me.

The first time the tool is run it generates another log, Addition.txt, which is also located in the same directory from which the tool was run. Please copy and paste that along with the FRST.txt into your next reply to me.

 

In summary I will need from you:

  • FRST.txt
  • Addition.txt
  • Brief summary of how your computer is running. For example, are there any problems with browsing or opening programs?

Let me know if you have any questions.

 

polskamachina



#4 polskamachina

  • Malware Response Team

Posted 10 October 2015 - 10:21 AM

Hi JohnBailo :)

 

It's been a while since you've checked in. Did you still need help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.

 

polskamachina



#5 Elise

  • Malware Study Hall Admin

Posted 25 October 2015 - 04:16 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
