Solved MSE detected possible threat

[debodun]

When I ran a quick scan today with MSE, it indicated a possible infection. However, when the scan was completed, I looked in the history at ALL DETECTED ITEMS, and it was BLANK. I repeated the scan and the same thing happened. The warning pops up when the scan hits svchost. A quick scan with MalwareBytes detected nothing.

 

[ICIT2LOL]

Ok debodun please follow this
Now before we can help we do need to know what is in your machine so please do this System Info - See Your System Specs
or either enter the specs of your system in your forum profile the specs will appear when we click on that little box bottom left of the post screen it is for me the preferable option as it is easy. As you may appreciate it is very hard when you don’t know what one is working with for example a diesel or petrol engine.
*(pretyped to save time)

The run these
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

AdwCleaner Download
ADW download from bleeping computer delete any rubbish found with the malware scans
(NB If you are running Kaspersky as the main AV then it might need disabling it when trying ADW because it does not like it at times)

 

[debodun]

Would Speccy tell you what you need to know?


BTW - I used to use those spyware programs you mentioned, but they somehow didn't work properly for me - they deleted thing they shouldn't have.

I checked the properties of all the svchost.exe (there are 12 running in Task Manager, which is the usual number) and they all seem to be legit (from Microsoft).

I also updated my system specs with known info.

 

[ICIT2LOL]

Ok the specs are good now and it could possibly be a false positive on the part of MSE and why I asked you to run those other softwares. Now what I don't understand why they removed stuff you wanted on your machine as we all have been using them for years and I personally have had no issues with them.

An alternative is to use this http://support.kaspersky.com/viruses/rescuedisk
You will need to make a bootable disk or stick I prefer a disk and just power up with the disk or stick inserted after first changing the boot order in the BIOS. This scan runs in a non Windows environment and will check all parts of the machine. It does not take that long and is in my mind the best of the rescue disks.
Just as a by the by it states that it is for machines that will not start but it can still be used in any situation.

If you are not sure of how to make the bootable disk see this Bootable ISO - Create from Installation Files
Now it says an ISO for Windows - just substitute the Windows ISO with the Kaspersky rescue disk download and just one last thing where it states what speed burn rate choose the slowest rate possible because when burning ISO's it is better done slowest as it minimises the risk of file corruption.

If you have any problems post back.

 

[debodun]

Okay....it's just a little disconcerting to get a notice of a possible infection when I am so careful like not opening any emails from unknown senders and if I need to visit a new web page, I check it out first through Webutation and Google Safe Browsing. After I used SuperAntiSpyware before, all the photos or pics on websites had a broken image icon in place of them. It was about 2 years ago and now I forget what I had to do to resolve that problem. Thanks for the suggestions....will keep in mind if I get bogged down.

 

[ICIT2LOL]

Well cannot explain why SAS broke the pics but I guess it may have been an older version that had bugs but if you are not happy with it then thats your choice.

Yes well I used to use that feature app WOT but it was not that much good and to be honest nothing you can do on the net is ever safe even if sites like the one you are using say it is because the malware technology is so very sophisticated now.

I just depend on my own personal favourite AV and those MBAM,SAS and ADWCleaner scans as an add ons and besides there is nothing like staying alert when you are on the net.

As I mentioned the rescue disk is best if you are ever concerned your AV is not picking up something or if the machine is not powering up etc because of the Linux based system it runs in and it (Linux system/s) is less prone to malware than Windows in any case.

 

[Twario]

I don't want to steal your thread, but I just wanted to add that I'm having this exact same issue. Even down to the warning message popping up when it hits "svchost" and malware bytes not finding anything. I'm actually pretty worried now, since just yesterday I was putting personal info into a job application online. Do you have any updates on how this issue is going for you?

 

[debodun]

You could try some of the suggestions made by others in this thread. Maybe you are more courageous than I am to download and run these. Let me know how it turns out and if you ever find the problem or solution.

 

[torchwood]

Yeah this is getting stranger by the minute.

I've seen a few other threads reporting the same about MSE finding >> then not.


Roy

 

[axe0]

Does MSE specify what it finds? We'll need to know what it finds, certain infections can only be removed through specific methods where the regular things (MSE, Malwarebytes, Kaspersky, etc.) won't always work for certain reasons.

 

[Twario]

Does MSE specify what it finds?

It does not. No matter how many times you scan, Literally nothing appears in the 'history' where you can usually find quarantined items, allowed items, and all detected items. I've even tried changing the settings so it quarantines all found items no matter the alert level. I don't know if OP altered the settings like I did (it's in default actions), to see if that changes anything for him.

I also don't know if a 'full' scan would net different results, since it takes forever on my computer. I might have to try that soon.

 

[debodun]

I see nothing in the history tab either (I usually do quick scans) no matter which button I select. Like Twario mentioned, full scans take hours. Once in a while, when I attempt to download MSE defs manually, I get this message, although when I check the date and time of the update, it has been downloaded:

 

[axe0]

Could you try to download and install the virus definitions from http://www.microsoft.com/security/portal/definitions/adl.aspx

 

[ICIT2LOL]

Now back in post #4 I suggested the rescue disk by Kaspersky and if you want to run a Windows free scan then it is the way to go as it scans everything.

Now it is up to those who are concerned whether to run that or not but for the sake of making a bootable disk or stick and scanning with it I am not sure what those concerned actually want.

There are other rescue disks too that do the same thing and I have used them / tested them on my test desktop at home and all are very thorough.

This link gives few but I would shy away from Norton and AVG the rest are good
11 Top free bootable antivirus rescue discs for Windows PCs | Digital Citizen

Now it is also a good idea to have this on board your machines if you want to avoid accidentally missing add on software that sometimes come with free stuff ie Askbar and the Google toolbar
Unchecky - Keeps your checkboxes clear

 

[debodun]

A quick scan on Saturday did not find anything.

 

[Twario]

A quick scan on Saturday did not find anything.

Yeah, same thing here when I do a quick scan. My theory is that a recent windows update caused MSE to think that the otherwise benign file/service was a possible threat, but that seems to be fixed now. I don't think there's much of anything to worry about for now.