
Windows 7: Need help removing

02 Jan 2013   #1

Windows 7 x64
Need help removing

Help please.

I'm using Malwarebytes and every restart it quarantines this trojan as svchost.exe.

How can I remove it completely?

02 Jan 2013   #2
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10

Quote: communicates with hackers and steals your confidential data.
Since the infection compromises personal data, it's recommended you change all your passwords at any sites you visit. Be sure to do this on a clean PC.

Run RKill to attempt to stop the malicious process & then run Malwarebytes again. Do not reboot after running RKill.

RKill Download

RKill is a program that was developed at that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
Listed here is a site for manual removal of the infection:

Remove Easily - Manual Removal Guide towards Virus That Infects svchost.exe - Tee Support Blog

Since this virus is also known for dropping adware/spyware on systems, it's suggested you make a copy of Windows Defender Offline & run it.

You should make WDO on a clean PC to ensure the scanner is not compromised.

Windows Defender Offline

Another precaution, run TDSSKiller to be sure you don't have a rootkit (There has been a rise in rootkit infections).

Also consider running AdwCleaner to check for any unwanted toolbars, adware, etc.
02 Jan 2013   #3

Windows 7 x64

Hi thanks for the help.
This is the log from rkill:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
Copyright 2008-2013
More Information about Rkill can be found at this link:

Program started at: 01/03/2013 01:40:49 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found:       localhost

Program finished at: 01/03/2013 01:40:51 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
The link for manually removing is not helping since I have nothing close to what is shown in the guide.

02 Jan 2013   #4
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10

Go ahead & run TDSSKiller & see if there are any rootkits present. Also run AdwCleaner. Run Malwarebytes again & see if the problem is still showing up.

Are you running an AV that has a built in Firewall? If so, it generally disables Windows Firewall. Some of them disable the security center to avoid conflicts.

If your AV does not have its own firewall, then look at these & manually enable Windows Firewall & Security Center:

How to Repair Microsoft Windows Security Center | Tech Tips -

Windows Firewall - Turn On or Off

See if you can make a copy of WDO & run it. As stated, this needs to be made on a clean PC.


Another post you can look at to solve the problem, should it still be present:

Security Center and Firewall Services are disabled on each boot
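
A read-only check of the items flagged in the RKill log above (the Windows Firewall and Security Center services, and the exefile `IsolatedCommand` values), as an added example that is not part of the original thread. It uses `Get-WmiObject` so that it runs on the PowerShell 2.0 that ships with Windows 7; run it from an elevated prompt after each reboot to see whether the settings revert.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.

# Services listed under "Checking Windows Service Integrity" in the RKill log.
# mpsdrv is a kernel driver, so it is queried through Win32_SystemDriver.
$targets = @(
    @{ Name = 'MpsSvc'; Class = 'Win32_Service' },
    @{ Name = 'wscsvc'; Class = 'Win32_Service' },
    @{ Name = 'mpsdrv'; Class = 'Win32_SystemDriver' }
)

foreach ($t in $targets) {
    $svc = Get-WmiObject -Class $t.Class -Filter "Name='$($t.Name)'"
    if (-not $svc) {
        Write-Output ("{0,-8} MISSING (no service entry found)" -f $t.Name)
        continue
    }
    # Only a Disabled startup type is flagged; the log shows mpsdrv as Manual.
    $flag = ''
    if ($svc.StartMode -eq 'Disabled') { $flag = 'REVIEW: startup type is Disabled' }
    Write-Output ("{0,-8} StartMode={1,-9} State={2,-8} {3}" -f `
        $t.Name, $svc.StartMode, $svc.State, $flag)
}

# exefile association values that RKill reported as changed.
# The log gives the value it restored as: "%1" %*
$expected = '"%1" %*'
foreach ($verb in 'open', 'runas') {
    $key   = "HKLM:\Software\Classes\exefile\shell\$verb\command"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $actual = $null
    if ($props) { $actual = $props.IsolatedCommand }

    if ($actual -eq $expected) {
        Write-Output ("exefile\{0,-6} IsolatedCommand OK" -f $verb)
    } else {
        # Anything else means the value was removed or changed again since RKill ran.
        Write-Output ("exefile\{0,-6} IsolatedCommand REVIEW: '{1}'" -f $verb, $actual)
    }
}
```

A `Disabled` result on MpsSvc or wscsvc is expected when a third-party security suite with its own firewall is installed, as post #4 notes; without one, it is the setting to re-enable and then re-check after the next restart.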