Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked Computer ?


  • Please log in to reply
2 replies to this topic

#1 Utopia

Utopia

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 17 October 2006 - 06:52 AM

Hi

I have some problems with my computer and
can't figure it out by myself. I suspect the computer
is hijacked or infected with some serious malware/viruses.

I tried running AVG, Spybot, Ad-Aware etc
but it feels like I'm only skimming the surface
of the problem.

The computer is lagging more than it should, especially
at startup. I checked Task Manager and there's a file
called svchost.exe that hogs all the resources, but it's
needed for accessing the web so I can't shut it down.
I suspect this file is infected.

If you can help me, try to keep it simple as
I hardly even know what a firewall is.

I've got Windows XP Professional, and use Explorer or
Opera.

Thanx in advance.

BC AdBot (Login to Remove)

 


#2 fleamailman

fleamailman

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Location:geneva switzerland
  • Local time:09:41 PM

Posted 17 October 2006 - 06:58 AM

here is a link to security here
- follow the steps mentioned in the link
- if at the end of the steps your computer is still infected the link mentioneds how to have ones system checked by the hjt log reading

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

if you start a new thread there, please edit this thread to read as solved or closed
everyday is a gift

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:41 PM

Posted 17 October 2006 - 06:06 PM

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries called DLLs. This is a valid system process that belongs to the Windows Operating System which handles processes executed from DLLs. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging.

One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However it then places itself in a different location on your computer. In XP, the legitimate Svchost.exe file is located in your system folder: C:\WINDOWS\system32\svchost.exe

Other legitimate copies can be found in the following folders:
C:\I386
C:\WINDOWS\ServicePackFiles\i386\
C:\WINDOWS\$NtServicePackUninstall$\
and a prefetch file located here: C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf

If svchost.exe is running as a startup/shows in msconfig, this can be bad. See here and here.
Also make sure of the spelling. If its scvhost.exe this a trojan. See here and here.

In addition to the other scans in the Prep Guide, download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE".
(This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware). Be sure to print out the AVG Anti-Spyware Install-Scan Instructions.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users