MALICIOUS URL BLOCKED - svchost.exe

Hi,

While connected to the internet I receive notices from avast! saying that harmful sites that appear to be originating from ‘svchost.exe’ are being blocked by the Network Shield.

Screenshots here: http://imgur.com/a/ttwew

Please guide me in removing this malware, tell me where it could have possibly originated from, and advise me on how to avoid it from reoccurring.

Thank you.

Follow this guide and attach logs from Malwarebytes quick scan / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

Malwarebytes’ Anti-Malware Log:

http://pastebin.com/bnXknKJf

Extras.Txt:

http://pastebin.com/dXDnUjbN

OTL.Txt:

http://pastebin.com/EmTjCrmE

I can’t complete a scan using aswMBR.exe without blue screening.

So why don't you attach (not copy and paste) the logs here???

I also wonder why…!!

They won’t upload. I have selected them yet they won’t appear.

Edit: There they are. I’ll upload my Malwarebytes log soon.

Your Malwarebytes log says… no action taken? Did you not click the Remove Selected button and reboot after the scan?

This log is from the second time I scanned with Malwarebytes. I selected and removed it and restarted after the first scan, but svchost.exe came back.

Ok…essexboy is on the way

Did TDSSKiller also fail to run?

Could you go to Start > Run and type in the following command:

diskmgmt.msc

This will open the Disk Management console.
Please take a screenshot of that and post it here.

Also, are you able to burn a CD?

I just ran TDSSKiller and no threats were found.

http://i.imgur.com/tpYuv.png

I can burn CDs.

Could you attach the TDSSKiller log, please?

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

The malware persists. I still receive notices about svchost.exe.

This looks like something new, I need to check a system file out

  • Run OTL.
  • Select All Users.
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
user32.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window.
  • Attach this log.