Expanding svchost.exe

[lukaswrites]

Hi guys, i am a new guy here, but i need help. I am currently using windows 7 ultimate edition. One day my Kaspersky Antivirus told me that the file svchost.exe is trying to download a strange .exe file from the net,which seemed to me as a virus, so i concluded that the file svchost.exe had been infected by a new kind a virus ( kaspersky couldn't fix that)

the question is : How can I restore the original svchost.exe from the windows 7 disc through the system recovery ( booting from installation disc), because when i tried to extract it by using 7-zip extractor in win32 environment, the virus could detect it and then infected it again! so i need to restore it from the environment which the virus can't be activated. PLEASE HELP.

any suggestions will be appreciated. Thanx.

 

[richc46]

Would a system restore be a lot easier?

 

[lukaswrites]

unfortunately, i don't have any restore points at all

 

[Bill2]

Do a virus scan with an online scanner like Eset or Panda. Another thing you can do is to download and scan with malwarebytes antimalware.

 

[lukaswrites]

i have tried both eset and panda, and you may notice that i've tried it with kaspersky 2010 pro edition!

 

[richc46]

Did you turn off system image, also?

 

[lukaswrites]

nope, well, i still can't use it however since i haven't made any images at all....

 

[Bill2]

lukaswrites,

can you tell us exactly what is happening on your machine? Other than the kaspersky message, have you noticed any wierd behaviour? Also what is the name of the strange file that svchost was trying to download?

 

[richc46]

nope, well, i still can't use it however since i haven't made any images at all....

Images may have been automatic by default.

 

[lukaswrites]

well, according to the kaspersky antivirus 2010, svchost was trying to download file http://83.133.124.199/inst_n107.exe ,and not only svchost.exe that was trying to download this file, but ALL of my browsers seem has been infiltrated by this virus, and when i used google search, firefox, opera, safari were detected to access random phising URLs. any idea?

 

[zigzag3143]

well, according to the kaspersky antivirus 2010, svchost was trying to download file http://83.133.124.199/inst_n107.exe ,and not only svchost.exe that was trying to download this file, but ALL of my browsers seem has been infiltrated by this virus, and when i used google search, firefox, opera, safari were detected to access random phising URLs. any idea?

Boot from the win 7 dvd and do a repair install

 

[lukaswrites]

can you tell me the steps??

 

[CarlTR6]

This appears to be a Trojan and I found it on torrentz.

 

[lukaswrites]

@carl : how can i remove it?

 

[CarlTR6]

Download and install Malwarebytes (free version) and run a complete scan. Also do a scan with your updated anti-virus program.

Malwarebytes

 

[lukaswrites]

@Carl : I have done all of them, and nothing seemed to be working , i think it's new kind of trojan, even Kaspersky 2010 can't remove it, it only can block it. What am i supposed to do??

 

[CarlTR6]

Can you identify the name of the Trojan? Does Kaspersky identify the name?

You might try booting in the sage mode with internet support and doing an online scan.

HouseCall - Free Online Virus Scan - Trend Micro USA

 

[Bill2]

Well, i'm afraid, am still not able to understand the problem. That url that you have linked, when i try to open it in IE, it says IE cannot display the webpage. Googling for inst_n107.exe or similar terms yields no result. If you suspect that you are being taken to phishing sites, use tools such as the phishing filter in IE. Run regular scans with your antivirus and antitrojan app and avoid clicking on links to critical sites like your bank and credit card from other websites.

 

[CarlTR6]

Bill, I used the last part of the link and did a search for n107.exe. I did not try to click on the link.

 

[Thorsen]

can you tell me the steps??

http://www.sevenforums.com/tutorials/3413-repair-install.html

This is a Tutorial on how to do a Repair Install

Edit: Important: Read through all warnings and steps before starting this...It would also be wise to print out the instructions so you dont have to have them onscreen while doing the Repair.