Avast! Spam Notifications About "C:\Windows\syswow64\svchost.exe"

So my computer has had a virus problem for about 7 months now. First it hijacked my desktop, fixed that, then it started to make my computer crash during startup, fixed that with Avast!, and now after a 14 and a half hour QUICK SCAN of my computer I still get spammed about a Malicious URL being blocked from “C:\Windows\syswow64\svchost.exe”.

http://i1163.photobucket.com/albums/q546/maximombro/Error2.png

Here is an image of the notification.

Follow the Directions here: http://forum.avast.com/index.php?topic=53253.0

OTL, Malwarebytes, AdwCleaner and aswMBR logs need to be attached.

They should be run in this order:

AdwCleaner / Malwarebytes / OTL / aswMBR
Reason… the OTL log and fix will be smaller when AdwCleaner/Malwarebytes have removed what they find first. :wink:

Monitoring… :slight_smile:

Sorry about the wait, I had to go away from the computer for a day. Here are the logs in the attachments.

Hi,

Thanks for posting those. After seeing the results of aswMBR I would like to get another look with a different tool before we begin cleaning…

http://i.imgur.com/weVCzW0.jpg
Please download TDSSKiller

- Double click TDSSKiller.exe
- Press Start Scan but do nothing else as we are just looking for what is there.
- If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
- Attach the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:)


Here is the TDSSKiller log, and a quick question: Does the fact that I only have 25 gigabytes on a 1 terabyte drive account for this?

Hi,

No, TDSSKiller is just really fast. :slight_smile:

Ok…run TDSSKiller again and when you see this >> \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) be sure to select Cure this time. Let the tool run and then attach the new log that should be made. If you have problems please let me know.

Here is the new log.

Very good…that got rid of a particularly nasty one.

ComboFix

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

Here is the ComboFix log.

Please go to: VirusTotal
On the page you’ll find a “Choose File” button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

c:\program files (x86)\GUTD3C3.tmp

Next, click the Open button.
Then click the “Scan It!” button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

Here is the link. It says it’s safe on all fronts. And Avast! appears to have stopped spamming me.
https://www.virustotal.com/en/file/3163c0332b053b97d49021cf0b611c4ebf61fdd74b71edd3126231266b5e67cd/analysis/1377312208/

Good…how is your system running now? :slight_smile:

Running well, I haven’t had any more crashes (knock on wood). Thanks for the help.

Ok great! :slight_smile:

When you ran OTL there should have been a log named Extras.txt? Could you attach that please? If you do not have it please do the following…

http://i.imgur.com/ttLR1ki.jpg
Please open OTL.

- Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, click the None button near the top (it may look greyed out)
- In the Extra Registry section change it to All
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open 2 Notepad windows, OTL.Txt and Extras.Txt. Please post the Extras.Txt.

Here is the original Extras.txt

Hi,

http://i.imgur.com/GUZVCQN.jpg
Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

- Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- When the scan is done, if it shows a screen that says “Threats found!”, then click “List of found threats”, and then click “Export to text file…”
- Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
- Close the ESET online scan, and let me know how things are now.

Still here?