SVCHOST.EXE MALWARE Invasion

Hello: I have been getting a large number of Avast Webscan warnings when I go on the internet.
Here are the MalWare warnings that keep popping-up [especially the first one, bestdriverstar.net]

URL:http://bestdriverstar.net/4141/
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://simplesitescan.net/4141/
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://alwaysisobar.com/4141/
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

URL:http://opticguardzip.net/4141/
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

I have run a full Avast scan (nothing found)
I have run Hitman Pro (nothing unusual found)

Attached are my malwarebytes scan log from yesterday [found a trojan], FRST and FRST addition text files , the aswMBR.exe scan log file. I have also run Zoek.exe but the Avast forum will not allow more than 4 attachmens. I will try to post it after the initial posting.

Can you please figure out a way to remove this malware? After all of these scans, the frequency of the Avast Webscan pop-ups has subsided significantly, but not completely.

Thanks.

I have also posted my Zoek.exe scan results here [Avast forum restricts participant to 4 attachments so it was not in my original posting]

Monitoring…

I made a donation for Malware removal via PayPal!

We haven’t even started, but thanks :slight_smile:

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Hello Sorry about the delay. I thought my email was linked to this posting but apparently it isn’t. Anyway, I have attached the Zoek.exe text file to this reply.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

The fixlog.txt is attached.

How is your PC behaving now?

My computer seems to be Malware free and I am not getting anymore Avast webscan warnings concerning the malwares that I cited in the thread above. So GREAT! Problem solved! :slight_smile:

I appreciate your help! I ALREADY made a donation for the Malware removal via PayPal! [see this thread, my comment 13 June–Reply #3]. Your technical savvy is much appreciated!