Solved svchost.exe virus

[jennsf]

I have looked for numerous solutions to my problem but to no avail. My antivirus software had given me many warning of malicious URLs relating to the svchost.exe. I did not have any issues outside of those warning until the other day when I came back to my computer and got a blue screen.

I have run countless scans on AVG Free, Malwarebytes, and Avast Internet Security. AVG and Avast were not picking up on anything, but Malwarebytes said that the svchost.exe was a Trojan and that it would delete on reboot...after reboot however, it was still there.

From my understanding, svchost.exe is normally supposed to exist just in the C:\Windows\System32 folder, but I have another one in the C:\Windows folder that says it was created just a few days ago (as opposed to July 2009). There is something wrong with this svchost.exe in the Windows folder, but nothing seems to be getting rid of it.

I am a novice when it comes to computers, but would rather not have to resort to paying over a hundred dollars to fix this issue. Is there any way to rid myself of this virus manually?

(if this helps, I am running Windows 7 64bit on an HP Pavillion g6 series laptop)

 

[Borg 386]

What was the virus name/file that Malwarebytes identified it as? You can check the logs in MB to find it if you don't remember. I ask this since there are cleaners that target specific viruses. The name would be helpful.

Also, did you check the box next to the listed virus so that it would be quarantined? MB will not act if you do not check the box.

The other options for AV scanners are:

SuperAntiSpyware

This link is for the portable version, you can d/l it & run it from a FD or CD.

Please note : The scanner is saved under a random filename so that malware infections won't block the scanner.

Norton Power Eraser

You will need an active net connection to run this tool.

Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.

Another option is to use a Bootable AV disk. This will scan your system at startup and attempt to clean out the infections before they initialize. Probably your best bet if the others can't remove it since the infected svchost is in active use by the system and can't be removed unless it's inactive.

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Note: Kaspersky has caused problems in the past, if they have remedied this, I do not know, but it may be wise to try one of the other disks first

 

[jennsf]

The file name that Malwarebytes gave me was "C:\Windows\svchost.exe". It said the file was a Trojan. On the majority of the times I did a scan, it only allowed me the option to Delete on Reboot, which I did at least 3 times. I believe one time it told me that it was quarantined and deleted successfully, but the file still hadn't moved anywhere.

I did a boot scan with Avast, which I believe is similar to the Bootable AV Disk you are suggesting. It ran a four-hour scan on my entire system before Windows started, but all it ended up doing was corrupting my Windows user file, and when I checked the C drive, svchost was still there.

Unfortunately I ended up sending the computer off to a local repair shop about an hour ago because I was out of all of the options that were available to me. Thank you for your help though.

 

[Borg 386]

Mostly when you get a file like that infected, one that actively runs when Windows is up and running, it's hard to get rid of it since it's in use by the system, something virus makers use to their advantage. If something like this happens down the road, give the above tools a try & consider running them in safe mode without a net connection. Viruses have a bad habit of calling for backup when you try to delete them.

Making a system image can prove invaluable when something like this happens. Here's a couple links you may find useful.

http://www.sevenforums.com/tutorials/663-backup-complete-computer-create-image-backup.html

http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

Another program you may wish to add to your arsenal is Rkill

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

http://www.bleepingcomputer.com/download/anti-virus/rkill

Wishing you a safe & Happy New Year

 

[jennsf]

Thanks so much for the resources, and a happy new year to you too.