I am getting the message "Host Process for Windows Services stopped working and was closed." I do not know if it is a coincidence or not, but I ran a full scan in Malwarebytes and I stopped getting the message. When I reboot, it happens all over again. I get the message when I boot and when I access IE. Also, my screen keeps occasionally blinking on and off while this appears.
Hi,
Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr
Double click dds to run the tool.
* When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your Desktop and attach DDS.txt and Attach.txt back to the topic.
------ next -----
Please download zoek.zip from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool.
Please wait until the tool starts…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;
[*]Click on the Run Script button.
Please wait until a log report opens (this may be after a reboot).
[*]Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”
As requested. Thank you.
Hi,
Your avast! AntiVirus is outdated. You need to run avast and update its engine and virus database.
The DDS and Zoek logs don't show malware traces or anything unusual.
We'll re-launch Zoek, this time with its definitions, to see what Zoek detects, and while we are here, we will delete temp and junk files.
Re-run zoek as you did before with this script and post the freshly created zoek log here.
autoclean;
c:\program files\GUT9460.tmp;f
emptyalltemp;
------ next ------
I would like to re-check your system with the powerful Gmer AntiRootkit tool:
Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:
Gmer download link
Note: file will be random named
Double-click to run GMER.
[*]Wait for the initial scan to finish - if there is any query, click No;
[*]Click the Scan button and wait until the full scan is complete;
[*]Click Save … - save the report to the Desktop (named Gmer1);
[*]Right-click anywhere in the GMER window and select Options > 3rd party - click the Scan button;
[*]Please wait until the full scan is complete;
[*]Click the Save … button and save the report to the Desktop (named Gmer2);
Note: the scan for the Gmer2 log may take some time.
[*]Click the >>> and select the Autostart card;
[*]After the quick scan, click the Copy button;
[*]Open Notepad and paste the text. Save the report to the Desktop (named Gmer3)
Attach all Gmer log reports here. (Gmer1, Gmer2 and Gmer3)
zoek log attached
gmer logs attached. On first scan, program crashed and I reran it. Did fine second time. Also, for whatever reason right after I sent last post with zoek log system locked up majorly.
Gmer still shows an outdated avast. Will you be so kind as to update your AV?
Gmer doesn't show exactly active malware, but it does show some entries that do not match each other, which requires attention.
It also shows that the Windows default sockets file "mswsock.dll" isn't in its default location. This may be caused by some infection. Let's fix that and check it out:
- Please download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.
- Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.
Instructions how to disable avast:
[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
[*]=> Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
- Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.
- When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.
OK…updated Avast and scanned…sorry about that. Disabling Avast…the icon does not appear in the tray at the bottom of the screen. How else can I check to see that it is disabled before proceeding?
Proceed to running Combofix. If you get warning that avast modules are still active, press Ok button and ignore that message.
Ran combofix. Attached.
Can you please attach a screenshot of that message? Have you tried to update your Windows?
Re-run zoek as you did before with this script and attach the freshly created zoek log here:
c:\windows\PSEXESVC.EXE;virustotal;
P.S: If your browser opens during the script execution, do not close it.
Getting back to you. I went to the latest Windows update and while it was processing the update my screen flashed off and was blank. I run 4 monitors on the system and it was my main monitor that went blank. I tried to wait until I heard no drive processing and then I rebooted. For whatever reason, my main monitor that I do everything off of now says out of analog range. Again, all that was happening was a simple Windows update. I can boot in safe mode to a different monitor. Do you want me to continue in safe mode for now?
As you wish.
I have no idea what went wrong with Windows Update, but you don't have malware. The problems that you are describing are not related to malware. The only thing I still want is to let Zoek check one file on the VirusTotal site.
Why your main monitor won't work, I don't know.
zoek log attached.
Could not do a screenshot of the error message since I am running in safe mode.
The file is clean and there is no malware here. Sorry, but the problem isn't malware related.
The only thing that remains is to remove all the tools we used via DelFix. Download DelFix by "Xplode" from here and save the tool to your Desktop.
Run the tool and check the following boxes below;
[] Remove disinfection tools
[] Create registry backup
[*] Purge System Restore
Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.
Ok. Thank you for looking. I don’t know what is going on but I had to start somewhere. Thanks again.