MAL svchost.exe infection

Hi,

Another user with the svchost.exe infection. At random intervals, anywhere from 2 to 20 threats are detected from svchost.exe.

Nothing can find it. Does anyone know where it has come from?

I’ve already run ZOEK, my log is attached. Thanks in advance for any help.

Please do not copy/paste the logs, but attach them to your post.

https://forum.avast.com/index.php?topic=53253.0

Apologies, amended.

You will need to use FRST to kill this.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.

Thanks essexboy.

Please find the logs attached!

Let me know if this stops it :slight_smile:

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

```
CreateRestorePoint:
2015-06-10 23:36 - 2015-06-10 23:36 - 1041226 _____ () C:\Users\Dale\AppData\Local\dqz2jtix.cmt
2015-06-10 23:35 - 2015-06-10 23:35 - 92215522 _____ () C:\Users\Dale\AppData\Local\vvkmrroj.w5k
EmptyTemp:
CMD: bitsadmin /reset /allusers
```

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

Hi essexboy,

That seems to have done it! I’d receive the alerts, without fail, if I reset my switch. After your fix this has stopped.

As requested, please find attached my log.

Many thanks for sorting this! Is it known where this has come from? Seems to be affecting a lot of users.

The main reason why a lot of people appear to get this is that, as far as I am aware, it is only Avast that detects it.

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Ahh okay. :slight_smile:

That’s now been run. Thank you very much!