Avast and svchost.exe

Yesterday, for the first time, a message from Avast appeared telling me that I had a virus called svchost.exe, located in System32. As far as I know, if this file is in the System32 folder, it isn’t a virus, but some viruses can be camouflaged under that name.

Why does Avast tell me that it is a virus? I have Windows 7 Home Premium 64-bit with all updates installed, Malwarebytes is updated and Malwarebytes did not detect any virus, and neither did Avast.

Please, help me. :cry:

that I had a virus called svchost.exe
That is the detected file name ... not the malware name. Avast should give a malware name, for example Win32:Malware-gen .... So what name does Avast give?

Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0
Attach Malwarebytes and Farbar Recovery Scan Tool logs here to receive help.

essexboy will then check logs and assist you when he is online later today

Ok, thank you very much! :smiley:

If I remember correctly, Avast tells me something about patch 195 and update. When it appears again, I will attach a picture here.

Here are the results of Farbar Recovery Scan Tool.

This should stop the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
BootExecute: autocheck autochk * ???j?
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-4181584166-3751067220-3969494250-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-20]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2015-03-26 01:48 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Raul\AppData\Local\Torch
2015-03-26 01:48 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Raul\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Torch
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Google
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Comodo
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Torch
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Google
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Comodo
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-02-23 17:39 - 00000000 ____D () C:\Users\Raul\AppData\Local\Google
2014-06-17 13:37 - 2014-06-17 13:37 - 0000000 _____ () C:\Users\Raul\AppData\Local\{F4174649-9D8D-4B2C-9F54-EE255CD4C410}
Task: {16502A65-595A-46F3-AF51-BCAA9E8F0285} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {FCFF118A-52DD-46C8-BC34-0072E8D010A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.

Thanks for the answer, essexboy! Here are the results:

The alert appears again: :frowning:
https://scontent-mad.xx.fbcdn.net/hphotos-xaf1/v/t1.0-9/22287_939355309421672_2274887533409087596_n.jpg?oh=19bdd1d7265f56352e1a8196c95fcaad&oe=55ADA81A

Ah, from the screenshot it seems as though Avast is blocking a Windows update for some reason.

I wonder if it is a Defender update file… Although delta patch generally relates to Live Mail.

I will forward to Avast.

Ok, thanks for your help and kindness, essexboy. I will wait for the answer from the Avast team.

But can I rest assured that it isn’t a virus that will damage my PC? How is my PC, according to the attached reports?

The initial fix removed some adware that uses chrome, but as you don’t have that it was a bit wasted :slight_smile:

How is the computer behaving otherwise ?

Perhaps a little more slowly. The only thing is that overnight this message from Avast appeared. It’s a bit annoying because it shows up more than once.

Also, one more thing: the task manager shows me an svchost.exe that consumes lots of memory. Is that normal? By the way, I have Malwarebytes Anti-Exploit Premium (trial version). I do not know if that’s the cause of this consumption.

https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-xpf1/v/t1.0-9/11010985_939429402747596_1879819318927180229_n.jpg?oh=5c7c94eb5068bc22aca648628caeef01&oe=5573A907&__gda__=1433650797_ac3d98ba39abcc6039992ca6fbf2c541

Yesterday, this came to eat up more than 500,000 Kb.

A program checked whether the file had a virus, but said that it did not.

Svchost is the workhorse file of your system and a lot of programmes use it, so several copies of it will show.

As a lot of files were removed it may well be worth doing a quick defragment of your hard drive.

Yes, but you don’t have the memory consumption that I have. xD

Weird, since the download comes from Microsoft Update and Avast is saying that the file am_delta_patch is not digitally signed. Weirder that it belongs to MpCmdRun.EXE, and that is Windows Defender and Security Essentials.

So it may be a false positive of Avast? I attached all possible files to check if my PC is infected with virus.

Essexboy gave you a clean bill of health and reported your case, so it is just a matter of waiting to see what Avast finds out.

He gave me a clean bill of health? I didn’t see it, sorry! :-[

He did not find anything else and he is asking how the system feels to you. If you report strange behavior, popups, freezing, BSOD, he would have run more tests; otherwise he did not see fit to do anything else.
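
The thread raises two recurring questions about svchost.exe: whether a copy is the genuine one in System32, and why one instance uses so much memory. The following is an added example, not part of the original thread or written by any of its participants, that lists each running svchost.exe with its path, parent process, hosted services and working set. It assumes an elevated PowerShell prompt and uses only the standard Win32_Process and Win32_Service WMI classes; the flag wording is illustrative.

```powershell
# Added example: inventory every running svchost.exe (PowerShell 2.0+, run elevated).
# A genuine instance runs from System32 (or SysWOW64), is started by services.exe,
# and hosts at least one Windows service.
$expected = @(
    (Join-Path $env:windir 'System32\svchost.exe'),
    (Join-Path $env:windir 'SysWOW64\svchost.exe')
)

$procs    = @(Get-WmiObject Win32_Process)
$services = @(Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 })

# PID -> image name, used to resolve each instance's parent process.
$nameByPid = @{}
foreach ($p in $procs) { $nameByPid[[int]$p.ProcessId] = $p.Name }

$report = foreach ($p in ($procs | Where-Object { $_.Name -ieq 'svchost.exe' })) {
    # Services whose host process is this svchost instance.
    $hosted = @($services | Where-Object { $_.ProcessId -eq $p.ProcessId } |
                ForEach-Object { $_.Name })
    $parent = $nameByPid[[int]$p.ParentProcessId]

    $flags = @()
    if (-not $p.ExecutablePath) {
        $flags += 'path unreadable (not elevated?)'
    } elseif ($expected -notcontains $p.ExecutablePath) {
        $flags += 'unexpected path'
    }
    if ($parent -ne 'services.exe') { $flags += 'parent is not services.exe' }
    if ($hosted.Count -eq 0)        { $flags += 'hosts no service' }

    New-Object PSObject -Property @{
        PID          = $p.ProcessId
        WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Path         = $p.ExecutablePath
        Services     = $hosted -join ','
        Flags        = $flags -join '; '
    }
}

# Largest memory consumers first; the Services column shows what each one is doing.
$report | Sort-Object WorkingSetMB -Descending |
    Select-Object PID, WorkingSetMB, Services, Path, Flags |
    Format-Table -AutoSize -Wrap
```

WorkingSetMB is the total working set, so it will read somewhat higher than the private working set column that Task Manager shows by default.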