I need help with svchost.exe popups too

Hello!

My Avast is blocking some suspicious urls (alwaysiso… anyhicago…, not exactly but close to it!) and I see that others have encountered the same problem here, it is indeed also related to the “svchost.exe”.

Note: I provided the aswMBR log but it’s not the full scan because it seems frozen right now so I just clicked the “Save log” button to at least get something. The other three logs are fine.

Thank you for your help!

Hello,

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
C:\Users\Samuel\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Okay, I have done as asked and while restarting my computer, the popups did not appear (good, at least!)

I have attached the results and also an image that shows Avast reporting zoek as being a threat, I guess it is fake? Should I then delete zoek if you tell me that we are done?

Other question: If I am using Pale Moon as a browser, why would you have to clean the Chrome folder in your script? Did you see something threatening in that folder?

Anyway, thank you, and when everything is finished and clean, you shall receive a donation :wink:

Edit: Oh, and do you need that last log file from me? I need to go to sleep now and I will run the scan while sleeping, I can post it here tomorrow!

Yes, Zoek is legitimate tool.

I delete Chrome preferences file, because there are a lot of cases these days with hijacked preferences malware, so I always reset it.

Is everything fine now?

Hmm it’s still doing it actually :frowning:

And I still could not run the last program, it freezes at some point.

So, problem is still there.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

There you go!

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

There you go!

How is the situation now?

I am connected by distance on my computer now and I did not see anything bad happen, but I am still a bit suspicious. I will be able to confirm everything later on! Thank you for now anyway.

Thank you very much TwinHeadedEagle, everything seems to be working fine now!

Glad I could help. We will delete all used tools and I’ll give you some tips to harden your security and learn how to protect yourself :slight_smile:

Recommended reading:

http://forum.programosy.pl/images/smilies/icon_exclaim.gif
MUST READ - security tips:

[]Computer Security - a short guide to staying safer online.
[
]Simple and easy ways to keep your computer safe and secure on the Internet

http://forum.programosy.pl/images/smilies/icon_exclaim.gif
MUST READ - general maintenance:

[*]What to do if your Computer is running slowly?

The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

[]How to configure and use Automatic Updates in Windows
[
]How to update Java
[*]How to update Adobe Reader

Recommended additional software:

http://forum.programosy.pl/images/smilies/icon_arrow.gif
CCleaner - to clean unneeded temporary files.

http://forum.programosy.pl/images/smilies/icon_arrow.gif
Malwarebytes’ Anti-Malware - to scan your system from time to time in search for malware.

http://forum.programosy.pl/images/smilies/icon_arrow.gif
Malwarebytes’ Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

http://forum.programosy.pl/images/smilies/icon_arrow.gif
McShield - to prevent infections spread by removable media.

http://forum.programosy.pl/images/smilies/icon_arrow.gif
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

http://forum.programosy.pl/images/smilies/icon_arrow.gif
Adblock - to surf the web without annoying ads!

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

[*]Run the tool by right click on the
http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.png
icon and Run as administrator option.
[*]Make sure that these ones are checked:

[]Remove disinfection tools
[
]Purge system restore
[*]Reset system settings

[*]Push Run and wait until the tool completes his work.
All tools we used should be gone. Tool will create an report for you (C:[B]DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

My help is free for everybody.
If you’re happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif

Thank you!

Stay safe,
TwinHeadedEagle :slight_smile:

I have sent my donation to you. Thank you!

Also, maybe you should check your links from your last post, some of them are not working, at least for me, but I just had to fix the url to access them.