Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Svchost.com appearing every time


  • Please log in to reply
3 replies to this topic

#1 J-r-Diaz

J-r-Diaz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 AM

Posted 21 November 2017 - 11:32 PM

I have a windows 7 pc and all of the sudden i cant open file explorer or chrome along with may other things without the svchost.com needs to run window appearing. I"m not sure if its a virus or a system error. Can anybody help me this is the family"s main pc and without it a lot of person media will be lost.


Edited by hamluis, 22 November 2017 - 06:51 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 joseibarra

joseibarra

  • Members
  • 1,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:11:06 PM

Posted 22 November 2017 - 06:19 AM

There is no svchost.com in Windows 7 (there is a svchost.exe) and looking at the Bleeping Computer file database I see:

 

Added by the W32/Rbot-EU trojan backdoor. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This infection also attempts to terminate various processes including other infections.

 

Perhaps somebody will move your topic to the Am I Infected forum for some analysis.

[attachment=199836:Untitled.jpg]


The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#3 J-r-Diaz

J-r-Diaz
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 AM

Posted 22 November 2017 - 11:09 AM

this is the message i keep on getting 

https://ibb.co/dhLViR


Edited by J-r-Diaz, 22 November 2017 - 11:10 AM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:06 PM

Posted 22 November 2017 - 11:22 AM

Do not run it...

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system
Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. Thats right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users