system
June 26, 2011, 9:55pm
1
Not sure if this is the right place to post this so sorry ahead of time.
Been having this issue since last night where avast would give me this pop-up (see image below):
http://i51.tinypic.com/nvt6q1.jpg
After this happens, a svchost.exe loads up & takes a ton of CPU usage and Mem Usage (see below):
http://i56.tinypic.com/rbwqh3.jpg
I’ve tried running MBAM, CCleaner, Avast Scans, Trend Micro HouseCall, but still this problem keeps popping up. Hoping someone here had this problem before or knows a solution. Thanks.
DavidR
June 26, 2011, 11:24pm
2
The Malicious URL alert in connection with svchost.exe is usually an indication that you have a rootkit on your system and most probably an MBR rootkit.
You can check if you have an MBR rootkit using this tool:
system
June 27, 2011, 6:41am
3
Hey DavidR, thanks for replying.
Here’s the log after the scan was complete.
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-26 23:16:47
23:16:47.234 OS Version: Windows 5.1.2600 Service Pack 2
23:16:47.234 Number of processors: 2 586 0x6B02
23:16:47.234 ComputerName: BOAG UserName:
23:16:48.468 Initialize success
23:16:48.640 AVAST engine defs: 11062601
23:17:58.921 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\00000032
23:17:58.921 Disk 0 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
23:17:58.921 Device \Device\00000074 → ??\IDE#DiskST3500320AS_____________________________SD15____#2020202020202020202020205139304D4E443245 #{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
23:17:58.921 Disk 0 MBR read error 0
23:17:58.921 Disk 0 MBR scan
23:17:58.921 Disk 0 unknown MBR code
23:17:58.921 MBR BIOS signature not found 0
23:17:58.921 Disk 0 scanning sectors +976752000
23:17:58.921 Disk 0 scanning C:\WINDOWS\system32\drivers
23:18:05.093 Service scanning
23:18:06.359 Disk 0 trace - called modules:
23:18:06.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8adb54d0]<<
23:18:06.375 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x8adc3ab8]
23:18:06.375 3 CLASSPNP.SYS[b80e905b] → nt!IofCallDriver → \Device\00000075[0x8ae33f18]
23:18:06.375 5 ACPI.sys[b7f7f620] → nt!IofCallDriver → [0x8adc3030]
23:18:06.375 \Driver\nvata[0x8adc4978] → IRP_MJ_CREATE → 0x8adb54d0
23:18:06.890 AVAST engine scan C:\WINDOWS
23:26:26.625 AVAST engine scan C:\Documents and Settings\Jeremy
23:35:09.406 AVAST engine scan C:\Documents and Settings\All Users
23:37:13.093 Scan finished successfully
23:37:47.406 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Jeremy\Desktop\MBR.dat”
23:37:47.406 The log file has been saved successfully to “C:\Documents and Settings\Jeremy\Desktop\aswMBR.txt”
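An added example, not part of the thread and not AVAST code: a small triage script for an aswMBR text log that collects the MBR messages and reports any driver dispatch entry that points at an address the disk trace lists as >>UNKNOWN<<. The line format is assumed from the log posted above, and the function name triage is hypothetical.

```python
import re

# Lines excerpted from the aswMBR log posted above ("->" is accepted as well as "→").
SAMPLE_LOG = """\
23:17:58.921 Disk 0 MBR scan
23:17:58.921 Disk 0 unknown MBR code
23:17:58.921 MBR BIOS signature not found 0
23:18:06.359 Disk 0 trace - called modules:
23:18:06.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8adb54d0]<<
23:18:06.375 1 nt!IofCallDriver → \\Device\\Harddisk0\\DR0[0x8adc3ab8]
23:18:06.375 \\Driver\\nvata[0x8adc4978] → IRP_MJ_CREATE → 0x8adb54d0
23:18:06.890 AVAST engine scan C:\\WINDOWS
"""

ENTRY = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(r"(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\]\s*(?:→|->)\s*(IRP_MJ_\w+)\s*(?:→|->)\s*(0x[0-9a-fA-F]+)")
MBR_NOTES = ("unknown MBR code", "MBR BIOS signature not found")


def triage(log_text):
    """Return (mbr_notes, unknown_addrs, hooks) for an aswMBR text log."""
    mbr_notes, unknown, dispatch = [], set(), []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # banner or wrapped line without a timestamp
        msg = m.group(2)
        mbr_notes += [n for n in MBR_NOTES if n in msg]
        unknown.update(int(a, 16) for a in UNKNOWN.findall(msg))
        d = DISPATCH.search(msg)
        if d:
            dispatch.append((d.group(1), d.group(2), int(d.group(3), 16)))
    # A dispatch routine is reported only when it targets an address the
    # trace could not attribute to a named module.
    hooks = [(drv, irp, hex(addr)) for drv, irp, addr in dispatch if addr in unknown]
    return mbr_notes, sorted(hex(a) for a in unknown), hooks


if __name__ == "__main__":
    notes, unknown, hooks = triage(SAMPLE_LOG)
    print("MBR notes:", notes)
    print("Unattributed addresses:", unknown)
    for drv, irp, addr in hooks:
        print(f"{drv} {irp} dispatches to unattributed address {addr}")
```

The output is a shortlist for a human reviewer, not a verdict; a match means the log is worth posting in full for someone to read.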
DavidR
June 27, 2011, 11:36am
4
OK, another tool to check for other types of rootkit.
system
June 27, 2011, 9:28pm
5
DavidR
June 27, 2011, 9:48pm
6
Well, the log indicates it found 1 rootkit and it will be cured on reboot. So if you haven’t done so, reboot.
Now watch out for any other Malicious URL alerts by avast on svchost.exe.
system
June 28, 2011, 10:50am
7
Cool, the problem is gone, thanks man!
DavidR
June 28, 2011, 11:30am
8
No problem, glad I could help.
A belated welcome to the forums.