Found, not fixed Temp\qhmq.tmp\svchost.exe

[jazzjon]

 Can't delete. C:\Windows\Temp\qhmq.tmp\svchost.exe
Hi. Something keeps dropping an svchost.exe file.
Avast notices. I delete it.
Then 5 minutes later it pops up again.

I've done scans with : adaware pro, avast, a2, malbytes, spyhunter, trojan remover, spybot.... nothing gets it.

It drops the file after delete, it does it again with a little change.:

C:\Windows\Temp\oxpi.tmp\svchost.exe
C:\Windows\Temp\lrao.tmp\svchost.exe
C:\Windows\Temp\qhmq.tmp\svchost.exe

it's id'd as : Win32:Malware-gen

any help would be appreciated. I'm using windows 7

[Lisandro]

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.

[koco45]

Firstly, excuse my poor english. I had same problem than you on XP. I used HitmanPro http://www.techspot.com/downloads/1278-hitman-pro.html, and it seems that problem is gone ( the avast warnings are gone, no more *.tmp folders with svchost.exe in c:\windows\temp\ ). I am complete newbie so please dont ask me why it is so  .