Avast WEBforum
Other => Viruses and worms => Topic started by: Grape Jelly on April 20, 2012, 03:57:51 AM
-
Hi,
While connected to the internet I receive notices from avast! saying that harmful sites that appear to be originating from 'svchost.exe' are being blocked by the Network Shield.
Screenshots here: http://imgur.com/a/ttwew
Please guide me in removing this malware, tell me where it could have possibly originated from, and advise me on how to avoid it from reoccurring.
Thank you.
-
Follow this guide and attach logs from Malwarebytes quick scan / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0
-
Malwarebytes' Anti-Malware Log:
http://pastebin.com/bnXknKJf
Extras.Txt:
http://pastebin.com/dXDnUjbN
OTL.Txt:
http://pastebin.com/EmTjCrmE
I can't complete a scan using aswMBR.exe without blue screening.
-
So why don't you attach (not copy and paste) the logs here?
-
So why don't you attach the logs here?
I also wonder why...!!
-
They won't upload. I have selected them yet they won't appear.
Edit: There they are. I'll upload my Malwarebytes log soon.
-
Your Malwarebytes log says... no action taken? Did you not click the Remove Selected button and reboot after the scan?
-
Your Malwarebytes log says... no action taken? Did you not click the Remove Selected button and reboot after the scan?
This log is from the second time I scanned with Malwarebytes. I selected and removed it and restarted after the first scan, but svchost.exe came back.
-
Ok...essexboy is on the way
-
Did TDSSKiller also fail to run?
Could you go to Start > Run and type in the following command:
diskmgmt.msc
This will open the Disk Management console.
Please take a screenshot of that and post it here.
Also, are you able to burn a CD?
-
Did TDSSKiller also fail to run?
Could you go to Start > Run and type in the following command:
diskmgmt.msc
This will open the Disk Management console.
Please take a screenshot of that and post it here.
Also, are you able to burn a CD?
I just ran TDSSKiller and no threats were found.
(http://i.imgur.com/tpYuv.png)
I can burn CDs.
-
Could you attach the TDSSKiller log, please?
Download and install ComboFix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double-click on ComboFix.exe and follow the prompts.
- Accept the disclaimer and allow it to update if it asks.
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.
Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
-
The malware persists. I still receive notices about svchost.exe.
-
This looks like something new; I need to check a system file out.
- Run OTL.
- Select All Users.
- Under the Custom Scan box, paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
user32.*
/md5stop
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open one Notepad window.
- Attach this log.
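
The /md5start ... /md5stop lines in the custom scan above ask OTL to list MD5 hashes of every file matching user32.*. The sketch below is an added example, not part of the thread and not OTL's own code: it shows one way such a listing can be read, by hashing the live file and checking whether its backup copies agree with it. The directory layout and file contents are constructed stand-ins, and `compare_copies`, `build_sample` and `demo` are hypothetical names.

```python
import hashlib
import os
import tempfile
from fnmatch import fnmatchcase

def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def compare_copies(root, live_path, pattern="user32.*"):
    """Split same-named copies under root into those whose MD5 matches the
    live file and those whose MD5 differs from it."""
    live_name = os.path.basename(live_path).lower()
    live_md5 = md5_of(live_path)
    same, different = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not fnmatchcase(name.lower(), pattern) or name.lower() != live_name:
                continue
            if os.path.abspath(path) == os.path.abspath(live_path):
                continue  # the live file itself is the reference
            try:
                (same if md5_of(path) == live_md5 else different).append(path)
            except OSError:
                continue  # locked or unreadable copy: skip it
    return live_md5, sorted(same), sorted(different)

def build_sample(root):
    """Constructed stand-in for a Windows directory; contents are not real DLLs."""
    layout = {
        "system32/user32.dll": b"MZ constructed body + appended bytes",
        "system32/dllcache/user32.dll": b"MZ constructed body",
        "ServicePackFiles/i386/user32.dll": b"MZ constructed body",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return os.path.join(root, "system32", "user32.dll")

def demo():
    with tempfile.TemporaryDirectory() as root:
        live_md5, same, diff = compare_copies(root, build_sample(root))
        return live_md5, same, [os.path.relpath(p, root) for p in diff]
```

A live file that disagrees with every backup copy is a lead for closer inspection, not a verdict: legitimate updates also change a system file's hash, so the result still has to be checked against a known-good hash for that exact Windows build.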