Windows 7 Forums



Windows 7: Can't get rid of svchost.exe virus

17 Dec 2013   #1
sharon122

Windows 7 Ultimate x32
 
 
Can't get rid of svchost.exe virus

Hello, I've started to use my brother's PC and I noticed that on every restart or boot Malwarebytes Anti-Malware quarantines "svchost.exe", which is located at "C:\Users\[user's name]\AppData\Local\Temp". I can tell that it is a virus because 1. it's not located in Windows\system32 and 2. it takes almost 1 MB, when it needs to take about 27 KB. I tried to run MBAM, AdwCleaner, TDSSKiller, RKill, Hitman Pro, CCleaner, AswMBR and ESET Online Scanner; none of them found it (besides MBAM on boot, of course). Microsoft Essentials is my antivirus.

I tried to restore the virus and delete it manually; it still restores on boot.

I didn't want to run ComboFix because I'm too scared to use it.

I think that probably the svchost.exe is not the virus itself because even when deleted something restores it each time and none of the programs finds what it is, or because the program is quarantined they can't find it.

Sorry for the long story, hope you will help me.


17 Dec 2013   #2
CanIHaz

Windows 7 Home Premium x64 SP1
 
 

If it's in temp file, you should try to kill the process and run CCleaner to clean out the temp files. If that didn't work, try Hitman Pro to get rid of it.
HitmanPro 3 - SurfRight

Force Hitman Pro to go into breach mode so it can kill all the processes before scanning and deleting.
Hitman Pro in Force Breach Mode
17 Dec 2013   #3
sharon122

Windows 7 Ultimate x32
 
 

Quote: Originally Posted by CanIHaz
If it's in temp file, you should try to kill the process and run CCleaner to clean out the temp files. If that didn't work, try Hitman Pro to get rid of it.
HitmanPro 3 - SurfRight

Force Hitman Pro to go into breach mode so it can kill all the processes before scanning and deleting.
Hitman Pro in Force Breach Mode

Like I said, I tried Hitman Pro, and I forgot to mention that I used CCleaner too. Now I tried Hitman Pro in Force Breach mode; it just found some cookies like last time, and a suspicious file, which is:

Quote:
Startup
HKLM\SYSTEM\CurrentControlSet\Services\xsherlock\
And:

Quote:
Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
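
An added example, not part of any post in this thread: a read-only PowerShell triage for the situation described in posts #1 and #3, a file named svchost.exe outside the system directory that something re-creates at boot. The helper name `Test-UserWritablePath` and its path pattern are assumptions made for illustration, and the script is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread. Read-only; run from an elevated prompt.
$sysDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# Hypothetical helper: does a command line point into a per-user or temp folder?
function Test-UserWritablePath([string]$Text) {
    return $Text -match '\\AppData\\|\\Temp\\'
}

# 1. Running svchost.exe processes whose image is outside the system directories.
#    The genuine ones are started by services.exe; compare ParentProcessId.
Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" |
    Where-Object { $_.ExecutablePath -and
                   ($sysDirs -notcontains (Split-Path $_.ExecutablePath -Parent)) } |
    Format-List ProcessId, ParentProcessId, ExecutablePath, CommandLine

# 2. Files named svchost.exe under any user profile, with size and timestamps.
Get-ChildItem -Path "$env:SystemDrive\Users" -Filter svchost.exe -Recurse -Force `
        -ErrorAction SilentlyContinue |
    Format-List FullName, Length, CreationTime, LastWriteTime

# 3. Run/RunOnce values that launch something from a user-writable path.
#    HKCU is the hive of the account running the script; repeat for each user.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$hits = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (Test-UserWritablePath $cmd) {
            New-Object PSObject -Property @{ Key = $key; Value = $name; Command = $cmd }
        }
    }
}
$hits | Format-List

# 4. Services whose binary path is in a user-writable location.
Get-WmiObject Win32_Service |
    Where-Object { Test-UserWritablePath $_.PathName } |
    Format-List Name, DisplayName, State, StartMode, PathName
```

A hit is a lead to examine, not a verdict, since legitimate updaters also start from AppData. Scheduled tasks and the Startup folders are further autostart locations that this script does not cover.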

17 Dec 2013   #4
CanIHaz

Windows 7 Home Premium x64 SP1
 
 

Those look normal, and the registry sherlock looks like a reg from a game. But do you have any toolbar by any chance with Babylon?
17 Dec 2013   #5
sharon122

Windows 7 Ultimate x32
 
 

Maybe my brother installed it, but I don't have it on Google Chrome or Firefox.
17 Dec 2013   #6
Devlin1888

Windows 7 Home Premium 64Bit
 
 

If you feel you NEED to use ComboFix, please refer to this thread, "Do not use Combofix on your own!!", and make sure you have someone who knows EXACTLY what they are talking about. Good luck.
17 Dec 2013   #7
sharon122

Windows 7 Ultimate x32
 
 

Quote: Originally Posted by Devlin1888
If you feel you NEED to use ComboFix, please refer to this thread, "Do not use Combofix on your own!!", and make sure you have someone who knows EXACTLY what they are talking about. Good luck.

That's the problem, I don't. That's why I asked here, so people will guide me.
17 Dec 2013   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After rebooting, tell me if it's gone.
17 Dec 2013   #9
sharon122

Windows 7 Ultimate x32
 
 

Quote: Originally Posted by Jacee
Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After rebooting, tell me if it's gone.

No, it's not gone. Just to make sure, do I need to have svchost.exe on my PC so the program will clean it? Because it is quarantined by MBAM.

Anyway, this is the log:

Quote:
Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Victor
->Temp folder emptied: 6562135892 bytes
->Temporary Internet Files folder emptied: 12820162 bytes
->Java cache emptied: 853578 bytes
->FireFox cache emptied: 115347330 bytes
->Google Chrome cache emptied: 355633491 bytes
->Flash cache emptied: 57650 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 332614 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 21067690 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 6,782.00 mb
18 Dec 2013   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

"Total Files Cleaned = 6,782.00 mb" <--- wow that's a lot of 'garbage' cleaned out of your temporary files!

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.