system
June 24, 2015, 9:45am
1
Hi,
Another user with the svchost.exe infection. At random intervals, anywhere from 2 to 20 threats are detected from svchost.exe.
Nothing can find it. Does anyone know where it has come from?
I’ve already run ZOEK, my log is attached. Thanks in advance for any help.
Eddy
June 24, 2015, 9:56am
2
Please do not copy/paste the logs, but attach them to your post.
https://forum.avast.com/index.php?topic=53253.0
You will need to use FRST to kill this
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.
system
June 25, 2015, 1:20pm
5
Thanks essexboy.
Please find the logs attached!
Let me know if this stops it
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2015-06-10 23:36 - 2015-06-10 23:36 - 1041226 _____ () C:\Users\Dale\AppData\Local\dqz2jtix.cmt
2015-06-10 23:35 - 2015-06-10 23:35 - 92215522 _____ () C:\Users\Dale\AppData\Local\vvkmrroj.w5k
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.
system
June 25, 2015, 6:35pm
7
Hi essexboy,
That seems to have done it! I’d receive the alerts, without fail, if I reset my switch. After your fix this has stopped.
As requested, please find attached my log.
Many thanks for sorting this! Is it known where this has come from? Seems to be affecting a lot of users.
The main reason why a lot of people appear to get this is that, as far as I am aware, it is only Avast that detects it.
Remove tools
Download and run Delfix
Select the options as shown
https://dl.dropboxusercontent.com/u/73555776/delfix.JPG
system
June 25, 2015, 6:52pm
9
Ahh okay.
That’s now been run. Thank you very much!