Author Topic: MALICIOUS URL BLOCKED - svchost.exe  (Read 5931 times)


Grape Jelly

  • Guest
MALICIOUS URL BLOCKED - svchost.exe
« on: April 20, 2012, 03:57:51 AM »
Hi,

While connected to the internet I receive notices from avast! saying that harmful sites that appear to be originating from 'svchost.exe' are being blocked by the Network Shield.

Screenshots here: http://imgur.com/a/ttwew

Please guide me in removing this malware, tell me where it could have possibly originated from, and advise me on how to avoid it from reoccurring.

Thank you.
« Last Edit: April 20, 2012, 03:59:41 AM by Grape Jelly »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #1 on: April 20, 2012, 07:35:08 AM »
Follow this guide and attach logs from Malwarebytes quick scan / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

Grape Jelly

  • Guest
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #2 on: April 20, 2012, 08:49:05 PM »
Malwarebytes' Anti-Malware Log:

http://pastebin.com/bnXknKJf

Extras.Txt:

http://pastebin.com/dXDnUjbN

OTL.Txt:

http://pastebin.com/EmTjCrmE

I can't complete a scan using aswMBR.exe without blue screening.

Offline Pondus

Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #3 on: April 20, 2012, 09:10:15 PM »
So why don't you attach (not copy and paste) the logs here???

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #4 on: April 20, 2012, 09:11:57 PM »
> So why don't you attach the logs here???

I also wonder why...!!

Grape Jelly

  • Guest
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #5 on: April 20, 2012, 09:13:34 PM »
They won't upload. I have selected them yet they won't appear.

Edit: There they are. I'll upload my Malwarebytes log soon.
« Last Edit: April 20, 2012, 09:19:19 PM by Grape Jelly »

Offline Pondus

Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #6 on: April 20, 2012, 09:41:05 PM »
Your Malwarebytes log says... no action taken? Did you not click the Remove Selected button and reboot after the scan?

Grape Jelly

  • Guest
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #7 on: April 20, 2012, 09:45:27 PM »
> Your Malwarebytes log says... no action taken? Did you not click the Remove Selected button and reboot after the scan?

This log is from the second time I scanned with Malwarebytes. I selected and removed it and restarted after the first scan, but svchost.exe came back.

Offline Pondus

Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #8 on: April 20, 2012, 09:53:04 PM »
Ok...essexboy is on the way

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #9 on: April 20, 2012, 10:42:30 PM »
Did TDSSKiller also fail to run?

Could you go to Start > Run and type in the following command:

diskmgmt.msc

This will open the disk management console.
Please take a screenshot of that and post it here.

Also, are you able to burn a CD?

Grape Jelly

  • Guest
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #10 on: April 20, 2012, 10:53:44 PM »
> Did TDSSKiller also fail to run?
>
> Could you go to Start > Run and type in the following command:
>
> diskmgmt.msc
>
> This will open the disk management console.
> Please take a screenshot of that and post it here.
>
> Also, are you able to burn a CD?

I just ran TDSSKiller and no threats were found.



I can burn CDs.

Offline essexboy

Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #11 on: April 20, 2012, 11:06:38 PM »
Could you attach the TDSSKiller log please

Download and install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your antivirus and antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Grape Jelly

  • Guest
Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #12 on: April 20, 2012, 11:42:13 PM »
The malware persists. I still receive notices about svchost.exe.

Offline essexboy

Re: MALICIOUS URL BLOCKED - svchost.exe
« Reply #13 on: April 21, 2012, 12:21:51 PM »
This looks like something new, I need to check a system file out 

  • Run OTL.
  • Select All Users.
  • Under the Custom Scan box, paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
user32.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window.
    • Attach this log.
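
The custom scan in the post above asks for the netsvcs svchost group and for MD5 hashes of user32.*. As an added example (not part of the thread and not OTL's own code), the same two read-only checks can be done in PowerShell; it assumes PowerShell 4 or later, an elevated prompt, and that the file search is limited to %SystemRoot%.

```powershell
# Added example: read-only triage of the svchost "netsvcs" group and user32.* copies.
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# 1. Each service name listed in the netsvcs group, the DLL it registers, and its signature.
$netsvcs = (Get-ItemProperty -Path $svchostKey -Name netsvcs).netsvcs
$report = foreach ($name in $netsvcs) {
    $paramKey = Join-Path $servicesKey "$name\Parameters"
    $dll = $null
    if (Test-Path $paramKey) {
        $dll = (Get-ItemProperty -Path $paramKey -Name ServiceDll `
                    -ErrorAction SilentlyContinue).ServiceDll
    }
    if (-not $dll) {
        # Listed in the group but no ServiceDll value: common for unused default entries.
        [pscustomobject]@{ Service = $name; Dll = $null; Signature = 'NoServiceDll' }
        continue
    }
    $path = [Environment]::ExpandEnvironmentVariables($dll)
    $sig = if (Test-Path -LiteralPath $path) {
        [string](Get-AuthenticodeSignature -FilePath $path).Status
    } else {
        'FileMissing'
    }
    [pscustomobject]@{ Service = $name; Dll = $path; Signature = $sig }
}

# 2. Every user32.* under the Windows directory with its MD5 and signature status.
$hashes = Get-ChildItem -Path $env:SystemRoot -Filter 'user32.*' -Recurse -File `
              -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            MD5       = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash
            Signature = [string](Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    }

# Entries worth a second look: a registered DLL that is missing or not validly signed.
# A status other than Valid is a prompt to investigate, not a verdict; older PowerShell
# versions do not consult catalog signatures and can report system files as NotSigned.
$report | Where-Object { $_.Dll -and $_.Signature -ne 'Valid' } | Format-Table -AutoSize
$hashes | Format-Table -AutoSize
```

A user32 copy outside the expected system directories, or one whose hash differs from the others of the same version, is the kind of result a helper reading the log would follow up on.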