Virus Detected in Windows Files!, Please help fast!!!

[demetroman]

Hi,
I detected these viruses on open with the task manager (process tab),I am 100% sure that these files are infected with viruses , when these are running, my pc slows down and sometimes freezes the program i am into. The Infected files I found till now are:

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\SearchProtocolHost.exe

C:\Windows\System32\dllhost.exe

C:\Windows\splwow64.exe

Please Help, My anti-virus(ESET NOD32 Antivirus 5) doesn't detect these infected files. Neither Windows defender or Microsoft Windows Malicious Software Removal Tool do. What should I do??? Any helpful answers will be appriciated.

Thanks for reading and sorry for too long. If you know how to fix this pls tell me fast.

Demetroman

 

[Achilleus]

Welcome to Seven Forums!
Try this:
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Take Care

 

[Infinite]

Try Malwarebytes or ESET's Online Scanner.

 

[Jacee]

These are all legitimate files:

C:\Program Files\Windows Media Player\wmpnscfg.exe
WMPNSCFG - WMPNSCFG.exe - Program Information
C:\Windows\System32\SearchProtocolHost.exe
What is searchprotocolhost.exe? - searchprotocolhost explanation.
C:\Windows\System32\dllhost.exe
Dllhost.exe Process - What is dllhost.exe?
C:\Windows\splwow64.exe
What is splwow64.exe? - splwow64 explanation.

 

[demetroman]

Welcome to Seven Forums!
Try this:
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Take Care

Hey, Thanks a lot. I have done the second option. It says it didn't find any integrity violations )
I hope this is true. But I almost always find in task manager process splwow64.exe, (Printer Host 32-bit which is splwow64.exe) Its is open while i am not printing, i end this process and every 3-5 minutes it comes up again :sarc:, is there something where i can stop this thing or block it through services or something? Please reply and thnnxx for ur help till now.

Best Regards,I'll be waiting for a reply.
Demetroman

 

[Infinite]

If you do not have a Printer go to services.msc, locate to Print Spooler, then stop and disable the service.

 

[A Guy]

Upload the individual files to Virus Total. As Jacee said, they are all names of legitimate windows files. Confirm their locations, and see if VT finds their hash and/or scans them as safe. A Guy

 

[demetroman]

NO, it is a virus, always hen it's open wndows explorer stops responding!
This cant be a legit file!!! please help , how can i stop this? or replace splwow64.exe???? (print driver host for 32-bit applications)

 

[Jacee]

I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push
    

 

[The Unofficial]

Hi there!

I hate to sound harsh here, but just because they have legitimate names, doesn't mean their not infected. The original files could have been replaced with he infected ones. Upload the files to Virus Total, do a Malwarebytes scan, do an ESET scan, and then we'll talk about disabling the service IMHO.

Let us know what happens!

 

[Jacee]

Yes, a virus or malware will hide using a legit file name, that's why I asked for an ESET scan.

 

[The Unofficial]

Good call. I had the thread open for a while, so your reply popped up unbeknownst to me.

 

[A Guy]

Yes, we are aware, we were just stating that they are the names of legit files A Guy