Windows 7 Forums



Windows 7: Can't get rid of svchost.exe virus

17 Dec 2013   #1

Windows 7 Ultimate x32
 
 

Hello, I've started to use my brother's PC and I noticed that on every restart or boot Malwarebytes Anti-Malware quarantines "svchost.exe", which is located at "C:\Users\[user's name]\AppData\Local\Temp". I know that it is a virus because 1. it's not located in Windows\system32 and 2. it takes almost 1 MB, when it needs to take about 27 KB. I tried to run MBAM, AdwCleaner, TDSSKiller, RKill, Hitman Pro, CCleaner, aswMBR and ESET Online Scanner; none of them found it (besides MBAM on boot, of course). Microsoft Essentials is my antivirus.

I tried to restore the virus and delete it manually; it still restores on boot.

I didn't want to run ComboFix because I'm too scared to use it.

I think that probably the svchost.exe is not the virus itself because even when deleted something restores it each time and none of the programs finds what it is, or because the program is quarantined they can't find it.

Sorry for the long story, hope you will help me.

17 Dec 2013   #2

Windows 7 Home Premium x64 SP1
 
 

If it's in temp file, you should try to kill the process and run CCleaner to clean out the temp files. If that didn't work, try Hitman Pro to get rid of it.
HitmanPro 3 - SurfRight

Force Hitman Pro to go into breach mode so it can kill all the processes before scanning and deleting.
Hitman Pro in Force Breach Mode
17 Dec 2013   #3

Windows 7 Ultimate x32
 
 

Quote: Originally Posted by CanIHaz
If it's in temp file, you should try to kill the process and run CCleaner to clean out the temp files. If that didn't work, try Hitman Pro to get rid of it.
HitmanPro 3 - SurfRight

Force Hitman Pro to go into breach mode so it can kill all the processes before scanning and deleting.
Hitman Pro in Force Breach Mode

Like I said, I tried Hitman Pro, and I forgot to mention that I used CCleaner too. Now I tried Hitman Pro in Force Breach mode; it just found some cookies like last time, and a suspicious file, which is:

Quote:
Startup
HKLM\SYSTEM\CurrentControlSet\Services\xsherlock\
And :

Quote:
Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)


17 Dec 2013   #4

Windows 7 Home Premium x64 SP1
 
 

Those look normal and the registry sherlock looks like a reg from a game. But do you have any toolbar by any chance with Babylon?
17 Dec 2013   #5

Windows 7 Ultimate x32
 
 

Maybe my brother installed it, but I don't have it on Google Chrome or Firefox.
17 Dec 2013   #6

Windows 7 Home Premium 64Bit
 
 

If you feel you NEED to use combofix please refer to this thread Do not use Combofix on your own!! and make sure you have someone who knows EXACTLY what they are talking about, good luck.
17 Dec 2013   #7

Windows 7 Ultimate x32
 
 

Quote: Originally Posted by Devlin1888
If you feel you NEED to use combofix please refer to this thread Do not use Combofix on your own!! and make sure you have someone who knows EXACTLY what they are talking about, good luck.

That's the problem, I don't. That's why I asked here, so people will guide me.
17 Dec 2013   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After rebooting, tell me if it's gone.
17 Dec 2013   #9

Windows 7 Ultimate x32
 
 

Quote: Originally Posted by Jacee
Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After rebooting, tell me if it's gone.

No, it's not gone. Just to make sure, do I need to have svchost.exe on my PC so the program will clean it? Because it is quarantined by MBAM.

Anyway, this is the log:

Quote:
Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Victor
->Temp folder emptied: 6562135892 bytes
->Temporary Internet Files folder emptied: 12820162 bytes
->Java cache emptied: 853578 bytes
->FireFox cache emptied: 115347330 bytes
->Google Chrome cache emptied: 355633491 bytes
->Flash cache emptied: 57650 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 332614 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 21067690 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 6,782.00 mb
18 Dec 2013   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

"Total Files Cleaned = 6,782.00 mb" <--- wow that's a lot of 'garbage' cleaned out of your temporary files!

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
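
The first post's two observations (a svchost.exe outside Windows\system32, and something that restores it on every boot) can be checked directly with built-in tools. The read-only PowerShell below is an added example, not part of the original thread; it assumes an elevated PowerShell 2.0 session on an English-language Windows 7, and the folder pattern in $userWritable is an illustrative heuristic.

```powershell
# Read-only triage for a "svchost.exe" that keeps reappearing in %TEMP%.
# Assumes PowerShell 2.0 or later, started with "Run as administrator".

# 1. Running svchost.exe instances whose image is outside System32/SysWOW64.
$legit = @("$env:SystemRoot\System32\svchost.exe",
           "$env:SystemRoot\SysWOW64\svchost.exe")
Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and ($legit -notcontains $_.ExecutablePath) } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# 2. Whatever recreates the file must itself start at boot or logon, so list
#    autostart entries that launch from a Temp or AppData folder.
#    The pattern is an illustrative heuristic, not a complete list.
$userWritable = '\\Temp\\|\\AppData\\|%TEMP%|%APPDATA%|%LOCALAPPDATA%'

# Run keys and Startup folders.
Get-WmiObject Win32_StartupCommand |
    Where-Object { $_.Command -match $userWritable } |
    Select-Object User, Location, Name, Command

# Services and kernel drivers (HKLM\SYSTEM\CurrentControlSet\Services).
@(Get-WmiObject Win32_Service) + @(Get-WmiObject Win32_SystemDriver) |
    Where-Object { $_.PathName -match $userWritable } |
    Select-Object Name, State, StartMode, PathName

# Scheduled tasks (column names assume an English-language Windows).
schtasks.exe /query /fo CSV /v | Where-Object { $_ } | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match $userWritable } |
    Select-Object TaskName, 'Run As User', 'Task To Run'

# 3. The service key reported in the thread: show what it actually points to.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\xsherlock' -ErrorAction SilentlyContinue |
    Select-Object ImagePath, Type, Start
```

Anything listed is a lead to review rather than a verdict, since legitimate updaters also start from AppData.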