svchost.exe popups - another one

I’m glad I found this forum, and more glad that I’m not the only one struggling with this.

I keep getting the “threat has been detected” message like this:

URL: htXp://anythicago.com/3333/LibraryFunc_142277749447700.dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe

I read through the forums and tried some of the suggested fixes/actions:

I ran rkill, spybot, hitman, and avast with nothing being detected.

I ran FRST64 (logs attached) and adwcleaner, which removed a few things.

then I uninstalled Chrome (after I unsynced account)

I ran zoek with the script: autoclean; emptyalltemp; inconfig /flushdns; b (attached)

I’d appreciate any help.

thanks guys!!

Hello,

Do you have FRST reports?

Please follow this topic and attach required reports

https://forum.avast.com/index.php?topic=53253.0

original post had a FRST log, here’s an updated one after I did the zoek and uninstalled chrome.

thanks!!

Also the logs from AdwClean

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Attached - Fixlog.txt

thanks for the help!! I just ran it, I think it’s too soon to know for sure, but I’m confident. thanks again.

Okay, let me know in a couple of hours.

Seems to be good to go.

thanks!!

I really appreciate the help.

Cheers :slight_smile:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.