
Infected by Svchost.exe and trojan


  • This topic is locked
45 replies to this topic

#16 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 07 December 2015 - 08:55 AM

Yes, check the startup time.


Do as suggested in this section.
How to determine what is causing the problem by performing a clean boot

Make sure you use the Windows 7 method.

P.S.
If you can, print the instructions for your guidance.


#17 btoasty

btoasty
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 07 December 2015 - 09:38 AM

Hello,

 

Make sure you use the Windows 7 method.

 

Even though I use Windows 8.1?



#18 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 07 December 2015 - 09:46 AM

No, I'm sorry. My mistake.

#19 btoasty

btoasty
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 09 December 2015 - 02:50 PM

Hello,

 

I'm going to try this out this Friday, sorry to have to keep you waiting.



#20 btoasty

btoasty
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 10 December 2015 - 10:04 AM

Hello,

 

So I did the clean boot, but I noticed no boot-time differences between clean boot and normal boot.

What I did notice, was that I couldn't stop Avast from running automatically at start-up, since it would just revert it back to normal.



#21 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 10 December 2015 - 11:45 AM

This is a long shot but will try it.

Remove Avast using their uninstaller tool.

https://www.avast.com/uninstall-utility

When done restart the computer normally to reset the registry.

Reinstall the application.

Any change?

#22 btoasty

btoasty
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 10 December 2015 - 12:32 PM

Hello,

 

It prompts me to uninstall in safe mode, should I do this? And when installing again, should I download in safe mode or in normal mode?



#23 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 10 December 2015 - 01:49 PM

It prompts me to uninstall in safe mode, should I do this?

Yes!

You should re-install it in normal mode if you can.
Close all browsers, Windows and programs before proceeding with the install.

#24 btoasty

btoasty
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 10 December 2015 - 02:34 PM

Hello,

 

It's still rather slow, although it did improve slightly (from 1 minute to 53 seconds).

Does the popup that tells you update to Windows 10 affect boot-time? I'd rather not update though.



#25 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 11 December 2015 - 08:20 AM

I leave my computer on all the time.

Look at these articles and follow the instructions to stop this.

WINDOWS 10 UPDATE.
http://www.zdnet.com/article/get-windows-10-microsofts-hidden-roadmap-for-the-biggest-software-upgrade-in-history/
http://www.howtogeek.com/218856/how-do-you-disable-the-get-windows-10-icon-shown-in-the-notification-tray/
<<<>>>

Disable - remove Windows 10 update.
http://www.infoworld.com/article/2974479/microsoft-windows/how-to-get-rid-of-the-your-upgrade-to-windows-10-is-ready-lock-on-windows-update-in-win7-and-8-1.html

On a side note, I understand that Windows will stop offering free Windows 10 in about 12 days.
In any event you should remove the KB updates as suggested.

Make sure you have a good restore point before proceeding.

#26 btoasty

btoasty
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 11 December 2015 - 05:32 PM

Hello,

 

Thanks for the heads-up! Didn't know it ends in 12 days. I've heard this increases boot-time, should I update?

And can you give instructions on how to remove KB updates? (Unless you mean Windows 10 Update Popup).



#27 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 12 December 2015 - 07:57 AM

Thanks for the heads-up! Didn't know it ends in 12 days. I've heard this increases boot-time, should I update?


If you use the Media Center then it's your call.
http://windows.microsoft.com/en-CA/windows/products/windows-media-center

===

Follow the instructions here to remove it.

Disable - remove Windows 10 update.
http://www.infoworld.com/article/2974479/microsoft-windows/how-to-get-rid-of-the-your-upgrade-to-windows-10-is-ready-lock-on-windows-update-in-win7-and-8-1.html

#28 btoasty

btoasty
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 12 December 2015 - 11:09 AM

Hello,

 

I've removed the Windows 10 Update Popup, but I'm still not booting up as fast as before. I guess I should live with it.

Can you do a final check for me to see if I'm infected or something?



#29 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 13 December 2015 - 08:18 AM

This scan may take a while, so do it when you will not need the computer for at least an hour.
Let it finish.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

DO NOT Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.
<<<>>>

You can also check with the Windows 8 experts in this forum.
http://www.bleepingcomputer.com/forums/f/209/windows-8-and-windows-81/

I do not have a computer with the Windows 8 operating system at the moment.
===


To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#30 btoasty

btoasty
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 16 December 2015 - 01:46 AM

Hello,

 

I did as you asked, the scan took 5 hours and 13 minutes though, and here's the content:

 

C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\jre1.7.0_65\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Gebruiker\Downloads\ExtremeTalk_Install (1).exe MSIL/Stimilik.DT trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\Downloads\ExtremeTalk_Install (2).exe MSIL/Stimilik.DT trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\Downloads\ExtremeTalk_Install.exe MSIL/Stimilik.DT trojan cleaned by deleting - quarantined
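
A triage pass over the ESET export posted above, as an added example that is not part of the original thread: it parses each line, groups entries by file, and reports which distinct files have no recorded action. The function names and the alias table are this example's own, and treating `C:\Users\All Users` as an alias of `C:\ProgramData` is an assumption based on the default Windows layout.

```python
import re
from collections import defaultdict

# The seven export lines exactly as posted in the thread.
SCAN_LOG = r"""
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\jre1.7.0_65\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\Users\Gebruiker\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Gebruiker\Downloads\ExtremeTalk_Install (1).exe MSIL/Stimilik.DT trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\Downloads\ExtremeTalk_Install (2).exe MSIL/Stimilik.DT trojan cleaned by deleting - quarantined
C:\Users\Gebruiker\Downloads\ExtremeTalk_Install.exe MSIL/Stimilik.DT trojan cleaned by deleting - quarantined
"""

# path (may contain spaces), detection name, category, optional action taken
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<category>potentially unwanted application|potentially unsafe application|trojan)"
    r"(?:\s+(?P<action>.+))?$"
)

# Assumption: default Windows layout, where "C:\Users\All Users" links to C:\ProgramData.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

def canonical(path):
    low = path.lower()
    for alias, target in ALIASES.items():
        if low.startswith(alias):
            return target + low[len(alias):]
    return low

def parse(log):
    matches = (LINE.match(line.strip()) for line in log.strip().splitlines())
    return [m.groupdict() for m in matches if m]

def triage(entries):
    """Group by canonical path; a file is handled if any alias of it has an action."""
    files = defaultdict(lambda: {"name": None, "category": None, "actions": set()})
    for e in entries:
        f = files[canonical(e["path"])]
        f["name"], f["category"] = e["name"], e["category"]
        if e["action"]:
            f["actions"].add(e["action"])
    unhandled = sorted(p for p, f in files.items() if not f["actions"])
    trojans = sorted(p for p, f in files.items() if f["category"] == "trojan")
    return files, unhandled, trojans

if __name__ == "__main__":
    print(triage(parse(SCAN_LOG))[1:])
```

Under that alias assumption, the one line with no action is the `All Users` view of the IObit file that was quarantined under `C:\ProgramData`, so no distinct file is left unhandled.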




