the only option I get is to abort the connection which I do.
I have run boot scans and normal scans and avast finds nothing although the virus is mentioned in the second most recent vps.
Another worrying thing is that the avast script blocker appears out of nowhere, loads up and disappears. Could something be making a connection to the net when this happens?
Any advice from you guys would be great, and sorry my first post is asking for help.
When you have finished, scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.
Please break the urls to the infected/suspect files in your post to avoid accidental exposure to malware.
e.g. http :// 81.29.241.180 /acc2/spoolsv32.exe although the \ at the end of the url does result in a “Can`t fetch file pointed by your url. This may be caused by several reasons:” error on the DrWeb link checker.
Thanks for the advice, I will definitely give it a try.
Just to avoid any confusion, by malware you are referring to spyware? If so, I have scanned with the latest updates of spybot and adaware.
Avast does have the virus listed on its second last virus update, which I have, and when I run normal scans and boot scans nothing is found.
Do you have any opinions on why the script blocker is running sporadically when the PC is on? Is something managing to get out, or is it blocking something?
Hi David, I have made a change now; let me know if that does the trick.
Malware means malicious software, which can refer to viruses, worms, Trojans, spyware and even some adware.
In this case we’re probably looking for a Trojan downloader or a worm.
There’s a lot of overlap between different scanners anyway, so the definition is not that important.
avast! detects what the malware on your computer is trying to download from the website and is blocking the download, but it does not detect the malware itself.
This could be because the malware (Trojan downloader or worm) on your computer is hidden, or it’s not in avast!'s definitions.
So the steps to take are a) scan for possible rootkits hiding the malware and b) try some other scanners to see if they can find it.
After the latest update to avast, it instantly picked up 2 viruses, which I moved to the chest as opposed to deleting, and ran Trend Micro's HouseCall, which found a few more unwanteds, which I deleted. Although I had done this, the NTKRNL still remained at start up. I went searching for the file which could be loading this; in the system32 folder I found NTKRNLPA.exe. This was very similar to the splash screen I was getting except it was PE. I thought it was a bit too much of a coincidence, so I removed this file to the desktop and archived it. When the PC rebooted: success, the NTKRNL was gone and the outgoing connections had stopped.
Thanks for all the help guys but I was wondering if I can run something else by you.
I am concerned with the amount of SVCHOST.EXEs running on my PC. Comodo, my firewall, believes that something on the PC is modifying these before they make outgoing connections. At the last count I had 4 running, but I have seen many more than this run at any given time.
I am slightly concerned as sometimes they can be using up to 22ks worth of memory. Not a great deal to lose, I know, but that's a lot of memory considering IE takes about the same amount up when it's running.
Sorry to ask again but any advice or opinions would be great.
There will always be multiple occurrences of svchost.exe running (care should be taken on the spelling as that is a common tactic) as it is a service host.
I currently have 4 occurrences of svchost.exe running. You can use a tool like Process Explorer to investigate what it is running, but there is an easier way.
The infamous SVChost.exe issue
To find out what is using the SVCHOST Service.
Windows Start, Run, type (or copy and paste) “cmd.exe /k tasklist /svc > c:\tasklist.txt” without the quotes - this opens a command window and runs the tasklist for services, the > c:\tasklist.txt outputs the results to the file and location given:
It is difficult to say what to look out for or avoid as the permutations are endless; all sorts of things hook on to svchost, but for the most part they are valid and don’t ask for outbound connections. For the listed names of processes using svchost, they are likely to be Windows functions/services and will show on the services.msc command. You can also google any suspect service/function using svchost.exe.
What I would suggest is that you copy this tip (and possibly a link to the topic) into a Notepad text file so you can remember it and use the command string when you want to check out what is using svchost.exe.
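
The `tasklist /svc` check from the reply above, as an added example that is not part of the original thread: a Python sketch that reads the saved output, groups the services under each svchost.exe PID, and flags image names that are near-misspellings of svchost.exe. The sample output, the misspelled name and the 0.8 similarity threshold are constructed assumptions.

```python
import difflib

# Constructed sample of `tasklist /svc` output (not taken from the thread).
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    892 DcomLaunch, TermService
svchost.exe                   1052 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   EventSystem, Schedule
scvhost.exe                   2216 N/A
explorer.exe                  1700 N/A
"""

def parse_tasklist_svc(text):
    """Return [(image, pid, [services])] from fixed-width `tasklist /svc` text."""
    lines = text.splitlines()
    sep = next(i for i, l in enumerate(lines) if l.startswith("==="))
    # The runs of '=' under the header give the column widths.
    w_name, w_pid = (len(run) for run in lines[sep].split()[:2])
    pid_end = w_name + 1 + w_pid
    rows = []
    for line in lines[sep + 1:]:
        if not line.strip():
            continue
        name = line[:w_name].strip()
        svcs = [s.strip() for s in line[pid_end:].split(",") if s.strip()]
        if not name and rows:  # continuation line of a wrapped service list
            rows[-1][2].extend(svcs)
        else:
            pid = int(line[w_name:pid_end])
            rows.append((name, pid, [s for s in svcs if s != "N/A"]))
    return rows

def svchost_report(text, threshold=0.8):
    """Map each svchost.exe PID to its services; list near-miss image names."""
    hosts, lookalikes = {}, []
    for name, pid, svcs in parse_tasklist_svc(text):
        if name.lower() == "svchost.exe":
            hosts[pid] = svcs
        elif difflib.SequenceMatcher(None, name.lower(), "svchost.exe").ratio() >= threshold:
            lookalikes.append((name, pid))
    return hosts, lookalikes

if __name__ == "__main__":
    hosts, lookalikes = svchost_report(SAMPLE)
    for pid, svcs in sorted(hosts.items()):
        print(f"svchost.exe PID {pid}: {', '.join(svcs) or 'no services listed'}")
    print("check spelling:", lookalikes)
```

To check a real machine, pass the contents of c:\tasklist.txt to `svchost_report`. The output carries only image names, so it does not show where each executable lives on disk.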