Yep, my little sis just called and she has identified NetSvc.exe as a problem and I can’t figure how to get rid of it. Any help would be much appreciated.
We will need more information to be able to help you:
- Which OS are you using? Is it up to date?
- What avast! version and VPS file (virus database) number?
- What was the filename and path where the virus was found?
- Which actions have you taken to try solving the problem?
- Do you use a firewall? Which one?
- Do you have any other antivirus installed in your system?
- Any other security programs that could interfere?
- Any useful information in Control Panel > Administrative Tools > Events, especially ‘Errors’.
To know how to post a screenshot, see http://forum.avast.com/index.php?topic=8982.0
You can use Gadwin PrintScreen to get a screenshot (http://www.gadwin.com/printscreen/) or the free version of WinSnap 1.1.10 (http://www.filehippo.com/download_winsnap/?2173).
How has she identified it as a problem?
What is the malware name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx)? Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
Does your sister have a firewall, if so what?
That should hopefully block unauthorised outbound Internet Connections, provided it has outbound protection.
A google search for netsvc.exe returns many hits, http://www.google.com/search?q=NetSvc.exe and as you can see many variants of what could be a mass-mailing worm and IRC backdoor Trojan. However, the file name could also be legit so care has to be taken; whatever she does, don’t delete a file, send it to the avast chest until it is absolutely confirmed it is malicious.
http://www.liutilities.com/products/wintaskspro/processlibrary/netsvc/
Process File: netsvc.exe or netsvc
Process Name: Trojan.W32.Mytob
Description:
netsvc.exe is a process which is registered as the Trojan.W32.Mytob worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process is a security risk and should be removed from your system.
Thanks heaps. Will call her today and get her to follow those steps. I know she is running Avast, but I don’t think any other firewalls. Thanks again.
No problem, let us know if you need any more help, perhaps your sister should join the forums as working through a third party will slow any process.
Welcome to the forums.
Yeah, hi, I am the little sister and here are the details that were asked for.
We will need more information to be able to help you:
- Which OS are you using? Is it up to date? Windows XP, SP2
- What avast! version and VPS file (virus database) number? Avast version 4.7, File Version 000737-2, Compilation Date 30/04/07
- What was the filename and path where the virus was found? C:\WINDOWS\NetSvc.exe
- Which actions have you taken to try solving the problem? Remove with malwhere and adaware
- Do you use a firewall? Yes Which one? Windows XP Firewall
- Do you have any other antivirus installed in your system? Avast
- Any other security programs that could interfere? no
- Any useful information in Control Panel > Administrative Tools > Events, especially ‘Errors’. Not too sure what to do here.
How is your system running now? I would recommend a firewall to stop outgoing, the windows one is not quite up to it. There are several free ones available: ZONEALARM, COMODO and PCTOOLS. If you are still having problems then:
- Click here to download HJTsetup.exe
- Save HJTsetup.exe to your desktop.
- Double-click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
And welcome to our little world ;D