Looks like a lot of people are getting this ATM… Started about a month ago for me and then last night spam was sent from one of my email accounts (Obviously changed the password on that one pretty quick!) which prompted me to immediately do an mbam scan. That found some dodgy files and PUPs (no malware though) which I removed. When I did a rescan mbam found nothing, and a very thorough avast scan found nothing either, and yet I’m still getting these damn svchost.exe popups where avast is blocking a url request as malware. Windows 8.1. Have attached FRST logs.
Thanks for this Essexboy, log attached. As others have said, these popups weren’t continuous so I will report back tomorrow to confirm I am still popup free (often would get some on initial boot and as I’ve just restarted as part of that scan I didn’t get any this time so hopefully all ok now…). Seeing as there have been a lot of people posting on here with this virus (?) do you/the malware team know what it is? Is the sending of spam to be associated with it or do I have another potential problem there?
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{524B8049-8D7E-4CE1-A9EA-166C834309B2} canceled.
{E75AB3AE-BF10-4939-A4F4-3702D6F2711D} canceled.
2 out of 2 jobs canceled.
This was the bad boy; it utilises a Windows Update stream.
Right, so bitsadmin was compromised and by resetting we fix it/removed the virus, or that was the virus and we removed it completely? Regardless, am I able to trust updates that appear in the Windows Update dialogue as available to download/install, then? I.e. this virus was just acting in the background masking its internet connectivity under Windows Update and Windows Update itself is fine?
Click on the link above to be taken to Unchecky.com.
Click the very large Download button.
Click Save.
Click Open folder.
Right click on the Unchecky_setup and choose to Run as Administrator.
Once open, click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire-and-forget programme.
It is critical to have both a firewall and antivirus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
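
An added example, not part of the original thread and not written by any poster in it: before cancelling BITS jobs as was done earlier in this thread, the jobs can be listed with the BITS PowerShell cmdlets that the bitsadmin banner mentions, so the URLs they were fetching are recorded first. The host suffix list, the CSV path and the function name `Test-ExpectedHost` are assumptions made for illustration.

```powershell
# Added example: review BITS jobs for every user before cancelling them.
# Run from an elevated PowerShell prompt (-AllUsers needs administrator rights).
Import-Module BitsTransfer

# Assumption: host suffixes treated as expected for Windows Update traffic.
# Illustrative only; adjust for your environment.
$ExpectedSuffixes = @('.microsoft.com', '.windowsupdate.com')

function Test-ExpectedHost {
    param([string]$Url)
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return $false   # empty or unparsable URL: treat as unexpected
    }
    $hostName = '.' + $uri.Host.ToLowerInvariant()
    foreach ($suffix in $ExpectedSuffixes) {
        if ($hostName.EndsWith($suffix)) { return $true }
    }
    return $false
}

$report = foreach ($job in Get-BitsTransfer -AllUsers) {
    # A job with no files still gets one row so it is not silently skipped.
    $files = @($job.FileList)
    if ($files.Count -eq 0) { $files = @($null) }
    foreach ($file in $files) {
        [pscustomobject]@{
            JobId     = $job.JobId
            Name      = $job.DisplayName
            Owner     = $job.OwnerAccount
            State     = $job.JobState
            Created   = $job.CreationTime
            RemoteUrl = $file.RemoteName
            LocalPath = $file.LocalName
            Expected  = Test-ExpectedHost $file.RemoteName
        }
    }
}

# Keep a record first: once a job is cancelled its URL and target path are gone.
$report | Export-Csv -Path "$env:TEMP\bits-jobs.csv" -NoTypeInformation
$report | Where-Object { -not $_.Expected } | Format-List

# After review, remove one job by the GUID shown in the report, for example:
# Get-BitsTransfer -AllUsers | Where-Object JobId -eq '<job-guid>' | Remove-BitsTransfer
```

A row flagged `Expected = False` only means the host is outside the assumed suffix list, so check the URL and local path before deciding the job is malicious.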