hello friends !!! i am new to this forum. i need some help. my svchost.exe file malfunctions and the programs stop running at intervals. sometimes a message comes up: some data got to be written somewhere but got written somewhere. after which the svchost.exe malfunctions. thx in advance ???
Hello Pulock2009,
1) upload the file svchost.exe to www.virustotal.com and paste the link here.
-
get mbam, do an update, perform full system scan, remove the infections and reboot if needed.
-
please, post the log here. (use additional options while posting.)
nmb
out of the 2 tasks that u advised me to carry out only one of them was successful: i could only upload the svchost.exe file. when i tried to download the mbam through my mozilla firefox browser the download finished message appeared too early. later the exe file when double clicked showed that it was corrupted. interesting to note that this problem has occurred earlier also a lot many times. i have not yet checked my e-mail. i wonder how long the report would take to reach? thanks for ur advice!!
I think you forgot to paste the link to virustotal.
get the mbam setup file from other clean pc on to a pen drive and also the mbam rules: http://www.malwarebytes.org/mbam/database/mbam-rules.exe
disconnect your pc from the internet so you don’t infect other guys on the net.
install it in your pc. run the updater and scan. if mbam doesn’t start, change the name of the file to xxx.exe and then try.
post back the log.
nmb
i could not upload properly: it took too much time!!! so i sent it by e-mail. i have not yet received the confirmation e-mail. i checked my e-mail account just a few minutes back!!! i have started doing all my activities through a guest account. will that be helpful??? personally, i have seen reduction in virus activities like slowing down, hanging, suddenly the antivirus showing virus alerts etc. (i have avast. i update it regularly). as for the mbam i will try doing something. thx anyways!!
if you use guest account it's very safe, as 97 % of malware can do nothing to your system due to limited access to system files. you will be very much helpful if you use a limited user account like the guest one.
nmb
here's the report i got:
svchost.exe analysis:
MD5: 8f078ae4ed187aaabc0a305146de6716
First received: 2007.06.16 14:53:55 UTC
Date: 2009.10.14 15:15:38 UTC [+1D]
Results: 0/41
Permalink: analisis/16593943861d03d508f37f60e41240dee14221e76f625835487f73d5010ac18a-1255533338
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.14 -
AhnLab-V3 5.0.0.2 2009.10.13 -
AntiVir 7.9.1.35 2009.10.14 -
Antiy-AVL 2.0.3.7 2009.10.14 -
Authentium 5.1.2.4 2009.10.14 -
Avast 4.8.1351.0 2009.10.13 -
AVG 8.5.0.420 2009.10.14 -
BitDefender 7.2 2009.10.14 -
CAT-QuickHeal 10.00 2009.10.14 -
ClamAV 0.94.1 2009.10.14 -
Comodo 2599 2009.10.13 -
DrWeb 5.0.0.12182 2009.10.14 -
eSafe 7.0.17.0 2009.10.14 -
eTrust-Vet 35.1.7067 2009.10.14 -
F-Prot 4.5.1.85 2009.10.14 -
F-Secure 8.0.14470.0 2009.10.14 -
Fortinet 3.120.0.0 2009.10.14 -
GData 19 2009.10.14 -
Ikarus T3.1.1.72.0 2009.10.14 -
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.870 2009.10.14 -
Kaspersky 7.0.0.125 2009.10.14 -
McAfee 5770 2009.10.13 -
McAfee+Artemis 5770 2009.10.13 -
McAfee-GW-Edition 6.8.5 2009.10.14 -
Microsoft 1.5101 2009.10.14 -
NOD32 4507 2009.10.14 -
Norman 6.01.09 2009.10.14 -
nProtect 2009.1.8.0 2009.10.14 -
Panda 10.0.2.2 2009.10.14 -
PCTools 4.4.2.0 2009.10.14 -
Prevx 3.0 2009.10.14 -
Rising 21.51.24.00 2009.10.14 -
Sophos 4.46.0 2009.10.14 -
Sunbelt 3.2.1858.2 2009.10.14 -
Symantec 1.4.4.12 2009.10.14 -
TheHacker 6.5.0.2.041 2009.10.14 -
TrendMicro 8.950.0.1094 2009.10.14 -
VBA32 3.12.10.11 2009.10.14 -
ViRobot 2009.10.14.1984 2009.10.14 -
VirusBuster 4.6.5.0 2009.10.14 -
Additional information
File size: 14336 bytes
MD5 : 8f078ae4ed187aaabc0a305146de6716
SHA1 : da0ff4006859a7580aba81f486f692dead2014fe
SHA256: 16593943861d03d508f37f60e41240dee14221e76f625835487f73d5010ac18a
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2509
timedatestamp…: 0x41107ED6 (Wed Aug 4 08:14:46 2004)
machinetype…: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2C00 0x2C00 6.29 6fc4d075dfb37185ffae8eacb467b822
.data 0x4000 0x1F0 0x200 1.61 553c0ebbbc67abab785f2065a062b522
.rsrc 0x5000 0x418 0x600 2.54 2997285df9158db5a62ffb42a2fd0d07
( 0 imports )
( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=8f078ae4ed187aaabc0a305146de6716
ssdeep: 384:cpiRrTp13SkhnRCwOV5JpeLCdw9rDpWCl8CbW:dT/3Ska6Lh8C
PEiD : -
PDFiD : [‘-’, None, None]
RDS : NSRL Reference Data Set
( Gateway )
Gateway Operating System Windows XP Pro Edition SP2: SVCHOST.EXE, svchost.exe
( Microsoft )
the md5 is at the top. by the way my guest account login has even failed to stop malware activities. i have again started getting avast alerts out of nowhere and there were some *.scr files in my network settings folder in the documents and settings folder. should i upload them to virustotal?? upon right-clicking they show options like modify and install.!! thanks for ur advice anyways :
Running Gateway Operating System Windows XP Pro Edition SP2 leads to infections, as WinXP SP3 has been available for over a year, so you should go to Tools then Windows Update in Internet Explorer and install all updates, as it provides performance enhancements and several Critical updates.
Go to Control panel then Automatic updates then at least enable Notify me but do not download updates.
Get Malwarebytes Anti-Malware (MBAM) then update it then run a Quick scan and let it remove all it finds:
http://www.malwarebytes.org/mbam.php
Post its log here after it completes.
Run Secunia Online Software Inspector to see what applications are vulnerable:
http://secunia.com/vulnerability_scanning/online