Threat Detected appearing all the time - svchost.exe

I’m getting VERY frequent pop-up boxes reporting that a threat has been detected.
It is centred on the svchost.exe with ortiguard, any-Chicago

Attached are the basic scan log files, I will perform a Zoek scan now.

many thanks
Andy (UK)

Hello,

Please follow this topic and attach required reports

https://forum.avast.com/index.php?topic=53253.0

Logs attached

malware_log
FRST
Addition
aswMBR

Also I ran rhe zoek.exe programme.

I used one of your scripts, but changed the user to MYNAME

Attached is the log produced.

NB: the zoek.exe programme keeps restarting event though I close it,

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Here is the log file from zoek.exe

Appreciate your help to all members of this forum ;D

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Fix with ZOEK

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
chrdefaults;

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by andy on 13/06/2015 at 18:13:52.94.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\andy\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-06-12-201918.log 4862 bytes
C:\zoek-results2015-06-12-232357.log 24737 bytes

==== System Restore Info ======================

13/06/2015 18:18:22 Zoek.exe System Restore Point Created Successfully.

==== Deleting Files \ Folders ======================

“C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Preferences” deleted

==== Reset Google Chrome ======================

C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3099 folders=519 759811266 bytes)

==== EOF on 13/06/2015 at 18:19:05.88 ======================

Very good. How is your PC behaving now?

The popup warnings have disappeared.
many thanks
Andy

Cheers :slight_smile:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.