I recently installed avast! Free and had a malware problem with “MS Removal Tool”. I’ve run Malwarebytes’ Anti-malware and that detected and cleaned up some things. After reinstalling avast several times, and finally running a repair to get it to work, if I run a full scan in safe mode it detects one infected file but there are no options to identify or deal with it. When I run a scan in normal mode no threat/infection is detected. I now have problems with a svchost.exe service running 100% of CPU and avast pop up notices “Malicious URL Blocked” that seem to be related to the service.
Is there a fix for the svchost problem?
What to do with the “infected” file? Try another AV?
Hard to complain about something that’s “free” but I already have way more time (lost) in this than the machine is worth. Fortunately I don’t think I’ve lost any data. I’ve run both the paid and free versions of avast for a couple years before without any problems.
Whilst this may not be directly responsible for your problem it is at least associated. XP SP3 has been out for almost two years and that did improve security of XP. Security updates ceased for XP SP2 almost a year ago, so once this is resolved you should get the XP SP3 update.
Trying another AV won’t resolve your problem.
You aren’t actually seeing an infected file being reported, just that svchost.exe is being used maliciously by a hidden/undetected process and it is that which needs to be found.
You may have an MBR rootkit infection and this rootkit is likely to be hiding what is responsible for the attempted connections to what are no doubt malicious sites.
Try this tool to confirm one way or another if you have an MBR rootkit:
Well it doesn’t look like you have an MBR rootkit as the aswMBR scan report is usually very clear about the detections.
Though I haven’t seen a report like this one, seems like it detects two hard disks, but can’t find the device for one of them.
13:37:38.828 Device \Device\00000077 → ??\IDE#DiskWDC_WD1600JS-22MHB0_____________________02.01C03#2020202057202D4443574E41314D353036373331#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
Do you have two hard disks (Western Digital and a Seagate)?
Can you post the log of your last MBAM scan to see what it found?
Ah didn’t even notice the topic hijacking by Coastal-Delaware, who should start their own new topic. Post the requested MBAM scan logs there and the reason why you felt the need to run the aswMBR scan at all.
Sorry for the thread hijack. He seemed to have the same issue as me.
I do have two hard drives. I do have mbam installed. Had to use it to get rid of the Windows Recovery Virus a few days ago. There is still something lurking on my computer.
Seeming to be the same doesn’t really matter; it is that trying to help multiple users on the same topic becomes confusing for all concerned. So you need to start your own new topic and abandon this one.
I don’t see anything conclusive, but that doesn’t mean that there isn’t, so I will try to get essexboy to look at it. In the meantime, if you can, run another tool to gather some information for him when he is back on the forums later today. It is now 2:40 am here, and he is usually on the forums around 7pm UK time.
Note: this says attach the file (too big for copy and paste); use the Additional Options in the Reply window to attach the file.
* Download TDSSKiller and save it to your Desktop.
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.