Hey all, my first post here (hurray)
OK. I have a Toshiba 300 Netbook and this problem occurred when Avast! was unregistered on the system… so let me explain the problem.
First of all, I was directed to this site by a topic that was similar to the problem I am currently having. Avast! 5 (recently activated) detects and blocks a malicious URL. It happens 3-6 times every reboot and then spontaneously while browsing. The URL is blocked and the process is C:\Windows\System32\Svchost.exe.
In the other fix it had mentioned User.ini as the culprit. Before I read that, I ran ComboFix and it said it was deleted. However, that wasn’t true, as I got the same URL blockage.
It seems to be getting worse now.
Windows Update will not automatically update.
When I try to run HijackThis, I get an error: The dependency service or group failed to start.
Avast! full scan and boot-time scan run clean, as well as Malwarebytes.
Manually installed Malicious Removal Tool (KB890830). Everything runs clean as a whistle, and I’m certain that it isn’t.
A few svchost.exe.mui were discovered recently, if that helps. Being that I cannot open HJT, I’m unable to provide logs. Please just respond with any additional information needed.
I’m going to guess you are using Vista, based on the reported “dependency or group failed to start”. This is a known problem with HjT and Vista.
Unfortunately HjT has not been maintained by TM; no real development has taken place for probably about a year, so it’s not really up to the job any more.
It can point to common problems (and does here, see below) but you need to post the full log, which includes the OS info etc. at the beginning of the log.
The problem could well be the presence of Norton Internet Security installed on the computer. You need to uninstall this - whether it is active or not - and run the removal tool available here or here. (It’s the same tool; different download sites.)
Leftovers of a previous AV can and do cause problems; this might explain yours. Let us know how you get on.
Hey, thanks for the welcome and hasty reply. (Once again Avast shows another great quality.)
OK, so it's Windows 7 actually, and I have been trying to remove Norton with no luck; it freezes when in Add/Remove Programs and there is no uninstall file.
Can this be the issue that is making svchost.exe attempt to connect to malicious URLs?
Also, Windows has never been updated… not once… (not mine)
The reason Tarq57 had to guess at your OS is that you did not include the top part of the HJT log that gives important information. That top part is also needed to correctly analyze your HJT log.
I'm so sorry, the owner of the laptop did not let me finish the work on the laptop... Angers me... However, you can tell me if what I did may have fixed the problem or just minimized it till a later date.
Okay so from the top. The first and most obvious problem that was on the Windows 7 Machine was that svchost.exe continuously tried to connect to malicious sites when connected to the internet. Windows had never received an update. Every scan I ran came up clean.
When I was reading forum topics online, I read that malicious files sometimes hide in the system folders: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\IE.5\Temporary Internet Files
I started in safe mode. ComboFix found (twice) Userinit.exe. After it deleted it and restarted, the messages still came up.
Deleted all the files and folders in this address: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\IE.5\Temporary Internet Files
and at the moment Avast found and chested a virus.
Restarted; ran for a while with no warnings.
That left me with the Windows Update, which was not fixed after the svchost.exe problem was solved… Typing the error I was receiving into the Google search bar brought me to a site that advised me of Norton Internet Security interrupting Windows Update (especially if not uninstalled completely), and also of a TDSSKiller.exe offered by Kaspersky. I installed TDSSKiller and it found and got rid of one rootkit. I then downloaded and ran a Norton Removal Tool. I then followed a cmd process that fixed the 800e030efe error and advised me to delete all updates and reinstall them (a bonus, considering it never was updated). It then restarted the computer, connected to Windows Update and downloaded the updates.
Now, does it seem like I have cured my own problem? Like I said, it never got the chance to run a full scan or HJT log before he retrieved it back… He doesn’t seem to think it's all that big of a deal. Do you think he's safe surfing? Did I get rid of the problem?
Probably. Who can say?
None of the detection results (except possibly the TDS killer one) mean anything conclusive when there are two AVs installed.
Removing Norton and running the tool I linked you to should have been the first thing to do, then post a full HjT (or similar) log. Deleting the temp files would have been good.
No use crying over any milk that’s spilled now, though. As I said, he is probably ok, but if that rootkit was for real, I would have wanted to do more tests and have someone seriously knowledgeable look over the logs.
I wouldn’t be emailing that friend any information that you wanted kept private, either, but I’m a bit fussy like that. In short, I would not trust that computer.
If there is any doubt in your mind, or your friend’s mind, as to the integrity of the machine, it might pay you to look at this post (and the associated thread) started by Essexboy. He’s one of the experts here - possibly the expert here - regarding this sort of thing. Follow the recommended steps, and post the results (MBAM and OTL logs) if you want this progressed.