Windows 7: svchost.exe file in the /windows directory not system32

28 Jul 2012   #11

Windows 7 Ultimate x64

I agree with everyone else, that the best thing is a full reformat of the system to clean up everything. Even though it's not something good, it's the best bet in the long run; generally speaking, when a Windows installation has some (severe) malfunction it's much faster to just reinstall it from scratch than to try to repair it.

Make sure that before formatting, you copy all your data files to another drive, CD or other place, booting from a portable OS. And once you install Windows again, first of all install an antivirus and do a full scan of the backup you made, just to prevent a re-infection.


30 Jul 2012   #12

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro

Just because your scanners are showing clean doesn't necessarily mean you are free of a virus. There are different categories of viruses, some more stubborn/harder to remove than others. A rootkit is one of the harder ones to remove (in most cases) & even if you do manage to clear most of it, there's always a chance that some remnant of it may cause problems down the road, or even reinstall itself at some point. Not to mention the damage that was probably caused to some of your operating system files, which will need to be repaired.

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; re-installation of the operating system may be the only available solution to the problem.
Being that Microsoft recommends a reinstall when it comes to this virus, this remains your best bet.

Back up your files on the medium of your choice and make sure they are thoroughly scanned before putting them back on the system. If in doubt, you can submit files (up to 32MB) to VirusTotal, which will scan the files with multiple AV programs.

Another thing you may wish to do, after you have done a reinstall (do not do this now), is to make a system image. This can be invaluable should something like this happen down the road:

Backup Complete Computer - Create an Image Backup
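Added example, not from any poster in this thread: a PowerShell check for the situation in the thread title. It lists every running svchost.exe, flags any copy whose image is not the signed binary under %SystemRoot%\System32 (or SysWOW64), and prints a SHA256 that can be looked up on VirusTotal without uploading the file. It assumes PowerShell 4 or later run from an elevated prompt so image paths are readable.

```powershell
# Added example, not from the thread. Enumerate running svchost.exe processes and
# flag any whose on-disk image is not the Microsoft-signed binary in System32/SysWOW64.
# Assumes PowerShell 4+ (for Get-FileHash) run from an elevated prompt.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

$report = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path   = $_.ExecutablePath
    $status = 'NoPath'     # WMI could not read the image path (access denied or hidden)
    $signer = ''
    $hash   = ''
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    # Wrong directory (e.g. C:\Windows\svchost.exe), an invalid or missing signature,
    # or an unreadable image path all warrant a closer look.
    $suspicious = ($expected -notcontains $path) -or ($status -ne 'Valid')
    New-Object PSObject -Property @{
        PID        = $_.ProcessId
        Path       = $path
        Signature  = $status
        Signer     = $signer
        SHA256     = $hash
        Suspicious = $suspicious
    }
}

$report | Format-Table PID, Path, Signature, Signer, Suspicious -AutoSize
$report | Where-Object { $_.Suspicious } | ForEach-Object {
    Write-Warning ("PID {0}: {1} (signature: {2}, SHA256: {3})" -f $_.PID, $_.Path, $_.Signature, $_.SHA256)
}
```

A clean result from a user-mode script like this is only weak evidence: as the post above notes, a kernel rootkit can hide processes and files from the very tools meant to find them, which is why an offline scan is still the stronger check.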
30 Jul 2012   #13
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Please read about ZeroAccess and what it does, here: ZeroAccess Rootkit Guards Itself with a Tripwire (Webroot Threat Blog)

30 Jul 2012   #14

MS Windows 7 Ultimate SP1 64-bit

I agree. Only an offline malware removal tool such as Microsoft's offline malware removal tool, WDO, will catch many problems.

Incidentally, I disagree with Jaycee's advice, but that is another topic and I'm in no mood for such discussions.
30 Jul 2012   #15
Microsoft MVP

Windows 7 Ultimate 32bit SP1

My advice is to wipe the OS and do a 'clean' install. Once you have a Rootkit, your computer has been severely compromised and it will never be stable again.... unless you do what I just said.

The article above, that I linked to, tells what ZA Rootkit does and how it acts to render your computer worthless.
30 Jul 2012   #16

MS Windows 7 Ultimate SP1 64-bit

I disagree. Not all rootkits are created equal. True, there are some that do irreparable damage to your system files, however, most people would like to avoid a reinstall like the plague if at all possible. I give them a possibility that works in an amazing number of cases.
30 Jul 2012   #17
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Nope, not all Rootkits are created equal... this one creates its own hidden partition that is just about impossible to find, let alone clean up.

Karl, did you read what ZA is and does? Would you allow it to be "fixed" on one of your own computers, or wipe and 'clean install' the OS?
01 Aug 2012   #18

7 Home Premium 64-bit

Thank you for addressing 3 & 4 in my previous message. If I get to that stage I will definitely follow the advice on that.

However, I'm the type that likes a good fight. LOL. I went ahead and skipped #1 (SUPERAntiSpyware), and did #2 (ComboFix) instead. So far, ComboFix seems to have fixed the problem. I'm waiting for feedback on the ComboFix logs on another forum before I declare the issue solved, but so far, I seem to be back up and running with no issues remaining on the infected computer. Internet connection is back, updated Hitman and Malwarebytes, and all 3 (Hitman, Malwarebytes, and Kaspersky TDSSKiller) showing no signs of infection. Keeping my fingers crossed that ComboFix did the job!

I will review all the other information above. I was able to get all important files over to an external, so I bought myself some time and can go ahead and try to fight this battle before giving up and having to re-install 7.
04 Aug 2012   #19

7 Home Premium 64-bit

Between ComboFix and OTL, I seem to have solved all problems. I will keep you all updated with any relevant info.

I would like any input on what anti-virus and anti-malware programs you all recommend to prevent this from happening again. Things like real-time protection that don't slow things down too much (I do lots of video editing....). I will always use Malwarebytes. I've heard good things about Avast. What else? And is it advised to just stick with one or two defense programs, or is running a bunch more OK?

Thank you very much for your help, advice, and assistance. It's been interesting to say the least!
04 Aug 2012   #20

MS Windows 7 Ultimate SP1 64-bit

I use, and use only MSE, Microsoft Security Essentials.

This will help explain why:
Understanding Microsoft Anti-Malware Software 2012 ~ Security Garden