system
March 26, 2015, 12:09pm
1
Yesterday, for the first time, a message from Avast appeared telling me that I had a virus called svchost.exe, located in System32. As far as I know, if this file is in the System32 folder, it isn’t a virus, but some viruses can be camouflaged under that name.
Why does Avast tell me that it is a virus? I have Windows 7 Home Premium 64-bit with all updates installed, Malwarebytes is updated and did not detect any virus, and neither did Avast.
Please, help me.
that I had a virus called svchost.exe
that is the detected file name ... not the malware name.
Avast should give a malware name, for example Win32:Malware-gen .... so what name does Avast give?
Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0
Attach Malwarebytes and Farbar Recovery Scan Tool logs here to receive help
essexboy will then check logs and assist you when he is online later today
system
March 26, 2015, 12:27pm
4
Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0
Attach Malwarebytes and Farbar Recovery Scan Tool logs here to receive help
essexboy will then check logs and assist you when he is online later today
Ok, thank you very much!
system
March 26, 2015, 12:28pm
5
that I had a virus called svchost.exe
that is the detected file name ... not the malware name.
Avast should give a malware name, for example Win32:Malware-gen .... so what name does Avast give?
If I remember correctly, Avast tells me something about patch 195 and update. When it appears again, I will attach a picture here.
system
March 26, 2015, 12:39pm
6
Here are the results of Farbar Recovery Scan Tool.
This should stop the alerts
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
BootExecute: autocheck autochk * ???j?
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-4181584166-3751067220-3969494250-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-20]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2015-03-26 01:48 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Raul\AppData\Local\Torch
2015-03-26 01:48 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Raul\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Torch
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Google
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Comodo
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Torch
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Google
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Comodo
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-02-23 17:39 - 00000000 ____D () C:\Users\Raul\AppData\Local\Google
2014-06-17 13:37 - 2014-06-17 13:37 - 0000000 _____ () C:\Users\Raul\AppData\Local\{F4174649-9D8D-4B2C-9F54-EE255CD4C410}
Task: {16502A65-595A-46F3-AF51-BCAA9E8F0285} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {FCFF118A-52DD-46C8-BC34-0072E8D010A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
system
March 26, 2015, 6:05pm
8
Thanks for the answer, essexboy! Here are the results:
system
March 26, 2015, 6:15pm
9
Ah, from the screenshot it seems as though Avast is blocking a Windows update for some reason
I wonder if it is a Defender update file… Although delta patch generally relates to Live Mail
I will forward to Avast
system
March 26, 2015, 8:31pm
11
Ok, thanks for your help and kindness, essexboy. I will wait for the answer from the Avast team.
But can I rest assured that it isn’t a virus that will damage my PC? How is my PC, according to the attached reports?
The initial fix removed some adware that uses Chrome, but as you don’t have that it was a bit wasted
How is the computer behaving otherwise?
system
March 26, 2015, 8:58pm
13
The initial fix removed some adware that uses Chrome, but as you don’t have that it was a bit wasted
How is the computer behaving otherwise?
Perhaps a little more slowly. The only thing is that, overnight, this message from Avast appeared. It’s a bit annoying because it is shown to me more than once.
One more thing: Task Manager shows me a svchost.exe that consumes lots of memory. Is that normal? By the way, I have Malwarebytes Anti-Exploit Premium (trial version). I do not know if that’s the cause of this consumption.
https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-xpf1/v/t1.0-9/11010985_939429402747596_1879819318927180229_n.jpg?oh=5c7c94eb5068bc22aca648628caeef01&oe=5573A907&__gda__=1433650797_ac3d98ba39abcc6039992ca6fbf2c541
Yesterday, it came to eat up more than 500,000 Kb.
A program checked whether the file had a virus, but said it did not.
Svchost is the workhorse file of your system and a lot of programmes use it so several copies of it will show
As a lot of files were removed it may well be worth doing a quick defragment of your hard drive
system
March 26, 2015, 10:07pm
15
Svchost is the workhorse file of your system and a lot of programmes use it so several copies of it will show
As a lot of files were removed it may well be worth doing a quick defragment of your hard drive
Yes, but you don’t have the memory consumption that I have. xD
system
March 26, 2015, 10:31pm
16
Weird, since the download comes from Microsoft Update and Avast is saying that the file am_delta_patch is not digitally signed. Weirder that it belongs to MpCmdRun.EXE, and that is Windows Defender and Security Essentials.
system
March 26, 2015, 10:46pm
17
So it may be a false positive from Avast? I attached all possible files to check if my PC is infected with a virus.
system
March 26, 2015, 10:54pm
18
Essexboy gave you a clean bill of health and reported your case, so it is just a matter of waiting to see what Avast finds out.
system
March 26, 2015, 10:58pm
19
He gave me a clean bill of health? I didn’t see it, sorry! :-[
system
March 26, 2015, 11:08pm
20
The initial fix removed some adware that uses Chrome, but as you don’t have that it was a bit wasted
How is the computer behaving otherwise?
He did not find anything else and he is asking how the system feels to you. If you report strange behavior, popups, freezing, BSOD, he would have run more tests; otherwise he did not see fit to do anything else.
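
Added example, not part of the thread or of any tool mentioned in it: a PowerShell inventory of the running svchost.exe instances that covers the three questions raised above (is the file really in System32, is it signed, and which services sit in the instance using the most memory). It assumes PowerShell 3.0 or later and an elevated prompt; the variable names are illustrative.

```powershell
# Added example: inventory every running svchost.exe instance.
# Assumes PowerShell 3.0+ (Get-CimInstance, [pscustomobject]) and an elevated
# prompt, otherwise ExecutablePath is empty for processes of other accounts.

# Legitimate locations: System32, plus SysWOW64 for 32-bit instances on 64-bit Windows.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Map process id -> names of the services hosted inside that process.
$servicesByPid = @{}
Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object { $servicesByPid[[int]$_.ProcessId] += @($_.Name) }

$report = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath

        # Signature status of the file on disk. Caveat: on older PowerShell
        # versions, catalog-signed system files can report NotSigned here,
        # so treat NotSigned as "check with a catalog-aware tool", not as proof.
        $sig = if ($path) {
            (Get-AuthenticodeSignature -FilePath $path).Status
        } else {
            'PathUnavailable'
        }

        [pscustomobject]@{
            ProcessId    = $_.ProcessId
            WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
            PathOk       = [bool]($path -and ($expected -contains $path))
            Signature    = $sig
            Path         = $path
            Services     = ($servicesByPid[[int]$_.ProcessId] -join ', ')
        }
    }

# Largest memory consumer first; a row with PathOk = False deserves a closer look.
$report | Sort-Object WorkingSetMB -Descending | Format-Table -AutoSize -Wrap
```

The Services column shows what is running inside a large instance, which Task Manager's process list alone does not.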